CVE-2023-30609 – matrix-react-sdk

Package

Manager: npm
Name: matrix-react-sdk
Vulnerable Version: >=0 <3.71.0

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L

EPSS: 0.00385 pctl0.58939

Details

HTML injection in search results via plaintext message highlighting ### Impact Plain text messages containing HTML tags are rendered as HTML in the search results. To exploit this, an attacker needs to trick a user into searching for a specific message containing an HTML injection payload. Cross-site scripting is possible by including resources from `recaptcha.net` and `gstatic.com` which are included in the default CSP. Thanks to [Cadence Ember](https://cadence.moe/) for finding the injection and to [S1m](https://github.com/p1gp1g/) for finding possible XSS vectors. ### Patches Version 3.71.0 of the SDK fixes the issue. ### Workarounds Restarting the client will clear the injection.

Metadata

Created: 2023-04-25T19:48:11Z
Modified: 2023-09-22T19:51:24Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/04/GHSA-xv83-x443-7rmw/GHSA-xv83-x443-7rmw.json
CWE IDs: ["CWE-74", "CWE-79"]
Alternative ID: GHSA-xv83-x443-7rmw
Finding: F008
Auto approve: 1