GHSA-c9vx-2g7w-rp65
Suggest an improvement- Source
- https://github.com/advisories/GHSA-c9vx-2g7w-rp65
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/07/GHSA-c9vx-2g7w-rp65/GHSA-c9vx-2g7w-rp65.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-c9vx-2g7w-rp65
- Aliases
- Related
- Published
- 2023-07-18T16:58:01Z
- Modified
- 2023-11-08T04:13:00.301912Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N CVSS Calculator
- Summary
- matrix-react-sdk vulnerable to XSS in Export Chat feature
- Details
-
Description
The Export Chat feature includes certain attacker-controlled elements in the generated document without sufficient escaping, leading to stored XSS.
Impact
Since the Export Chat feature generates a separate document, an attacker can only inject code run from the
nullorigin, restricting the impact.However, the attacker can still potentially use the XSS to leak message contents. A malicious homeserver is a potential attacker since the affected inputs are controllable server-side.
Patches
This was patched in matrix-react-sdk 3.76.0.
Workarounds
None, other than not using the Export Chat feature.
References
N/A
- Database specific
{ "github_reviewed_at": "2023-07-18T16:58:01Z", "cwe_ids": [ "CWE-79", "CWE-80" ], "nvd_published_at": "2023-07-18T17:15:11Z", "severity": "MODERATE", "github_reviewed": true }- References
-
- https://github.com/matrix-org/matrix-react-sdk/security/advisories/GHSA-c9vx-2g7w-rp65
- https://nvd.nist.gov/vuln/detail/CVE-2023-37259
- https://github.com/matrix-org/matrix-react-sdk/commit/22fcd34c606f32129ebc967fc21f24fb708a98b8
- https://github.com/matrix-org/matrix-react-sdk
- https://github.com/matrix-org/matrix-react-sdk/releases/tag/v3.76.0
Affected packages
npm / matrix-react-sdk
Package
- Name
- matrix-react-sdk
- View open source insights on deps.dev
- Purl
- pkg:npm/matrix-react-sdk