Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2022-0776
CVE-2022-0776:
JavaScript vulnerability analysis and mitigation
Overview
Cross-site Scripting (XSS) - DOM vulnerability was identified in GitHub repository hakimel/reveal.js versions prior to 4.3.0. The vulnerability was discovered and disclosed in March 2022, affecting the reveal.js presentation framework (NVD, CVE).
Technical details
The vulnerability is classified as a DOM-based Cross-site Scripting (XSS) issue with a CVSS v3.1 score of 6.1 (Medium) and CVSS v2.0 score of 4.3 (Medium). The weakness is categorized as CWE-79 (Cross-site Scripting) (NVD Results).
Impact
The DOM-based XSS vulnerability could allow attackers to execute malicious scripts in the context of the victim's browser, potentially leading to theft of sensitive information, session hijacking, or other client-side attacks (NVD).
Mitigation and workarounds
The vulnerability was patched in reveal.js version 4.3.0. Users are advised to upgrade to this version or later to mitigate the security risk. The fix includes implementing proper origin validation for message events (GitHub Commit).
Additional resources
Source: This report was generated using AI
Related JavaScript vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management