.. / CVE-2022-0776

Exploit for RevealJS postMessage <4.3.0 - Cross-Site Scripting (CVE-2022-0776)

Description:

RevealJS postMessage before 4.3.0 contains a cross-site scripting vulnerability via the document object model.

Nuclei Template

View the template here CVE-2022-0776.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2022/CVE-2022-0776.yaml
Copy

References:

https://nvd.nist.gov/vuln/detail/CVE-2022-0776
https://github.com/hakimel/reveal.js/commit/32cdd3b1872ba8e2267c9e87ae216cb55f40f4d2
https://hackerone.com/reports/691977
https://huntr.dev/bounties/be2b7ee4-f487-42e1-874a-6bcc410e4001/
https://github.com/hakimel/reveal.js/pull/3137