Add revealjs-postmessage-xss.yaml (CVE-2022-0776)

[bnematzadeh]

Template / PR Information

• Add revealjs-postmessage-xss.yaml Template

• References:

  • Fix DOM XSS hakimel/reveal.js#3137
  • https://hackerone.com/reports/691977

Template Validation

I've validated this template locally?

• YES
• NO

[ehsandeep]

Thank you for writing and sharing headless template @bnematzadeh, I've made some changes in the matcher + code, could you please confirm that the changes look good to you or if any further changes are required to improve this?

echo http://localhost:8000 | nuclei -t cves/2022/CVE-2022-0776.yaml -headless

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   2.7.1

		projectdiscovery.io

[WRN] Use with caution. You are responsible for your actions.
[WRN] Developers assume no liability and are not responsible for any misuse or damage.
[INF] Using Nuclei Engine 2.7.1 (latest)
[INF] Using Nuclei Templates 9.0.3 (latest)
[INF] Templates added in last update: 47
[INF] Templates loaded for scan: 1
[CVE-2022-0776] [headless] [medium] http://localhost:8000

[bnematzadeh]

Hi @ehsandeep. It looks good to me! Thanks for updating this template.