CVE-2023-37259 matrix-react-sdk

Package

Manager: npm
Name: matrix-react-sdk
Vulnerable Version: >=3.32.0 <3.76.0

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N

EPSS: 0.00189 (percentile: 0.40937)

Details

matrix-react-sdk vulnerable to XSS in Export Chat feature

### Description

The Export Chat feature includes certain attacker-controlled elements in the generated document without sufficient escaping, leading to stored XSS.

### Impact

Since the Export Chat feature generates a separate document, an attacker can only inject code run from the `null` origin, restricting the impact. However, the attacker can still potentially use the XSS to leak message contents. A malicious homeserver is a potential attacker since the affected inputs are controllable server-side.

### Patches

This was patched in matrix-react-sdk 3.76.0.

### Workarounds

None, other than not using the Export Chat feature.

### References

N/A
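The bug class described above (CWE-79/CWE-80 in a generated export document), shown as an added example that is not matrix-react-sdk code. The advisory does not name the affected fields, so the room name, sender ID, display name and message body used here, like every function name, are assumptions.

```javascript
// Added illustration; not matrix-react-sdk code. All names are hypothetical.

// Escape the five characters that can change the HTML parsing context.
// Suitable for element text and for quoted attribute values.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// 'Before' pattern: homeserver-controlled strings are interpolated as-is.
function renderExportUnsafe(room, events) {
  const rows = events
    .map((e) => `<li title="${e.sender}"><b>${e.senderName}</b>: ${e.body}</li>`)
    .join("");
  return `<html><head><title>${room.name}</title></head><body><ul>${rows}</ul></body></html>`;
}

// Hardened pattern: every field that originates from the homeserver is
// escaped at the point where it is written into the document.
function renderExportSafe(room, events) {
  const rows = events
    .map((e) =>
      `<li title="${escapeHtml(e.sender)}"><b>${escapeHtml(e.senderName)}</b>: ` +
      `${escapeHtml(e.body)}</li>`)
    .join("");
  return `<html><head><title>${escapeHtml(room.name)}</title></head>` +
    `<body><ul>${rows}</ul></body></html>`;
}

// Constructed sample data covering text, attribute and <title> contexts.
const sampleRoom = { name: "Ops </title><script>alert(1)</script>" };
const sampleEvents = [{
  sender: '@a:example.org" onmouseover="alert(1)',
  senderName: "<img src=x onerror=alert(1)>",
  body: "hello & <b>bye</b>",
}];

// Regression check: true if the output contains markup that the template
// itself never emits (a script or img element, or a live event handler).
function hasInjectedMarkup(html) {
  return /<script|<img|onmouseover="/i.test(html);
}
```

A check like `hasInjectedMarkup` belongs in the export feature's test suite, run against fixtures in which every server-supplied field carries markup.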

Metadata

Created: 2023-07-18T16:58:01Z
Modified: 2023-07-19T20:04:38Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/07/GHSA-c9vx-2g7w-rp65/GHSA-c9vx-2g7w-rp65.json
CWE IDs: ["CWE-79", "CWE-80"]
Alternative ID: GHSA-c9vx-2g7w-rp65
Finding: F425
Auto approve: 1