CVSS3 score: 6.1 Medium

| Metric | Value |
|---|---|
| Attack Vector | ADJACENT |
| Attack Complexity | LOW |
| Privileges Required | LOW |
| User Interaction | REQUIRED |
| Scope | CHANGED |
| Confidentiality Impact | HIGH |
| Integrity Impact | NONE |
| Availability Impact | NONE |

Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

EPSS: 0.0005 Low (percentile 17.9%)

The Export Chat feature includes certain attacker-controlled elements in the generated document without sufficient escaping, leading to stored XSS.
Since the Export Chat feature generates a separate document, an attacker can only inject code run from the null origin, restricting the impact.
However, the attacker can still potentially use the XSS to leak message contents. A malicious homeserver is a potential attacker since the affected inputs are controllable server-side.
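
The missing-escaping pattern described above and its fix, as an added example that is not matrix-react-sdk code or the actual patch. The template, the field names (`senderId`, `senderName`, `body`, `room.name`) and the sample data are assumptions made for illustration.

```javascript
// Added example; not matrix-react-sdk code. All names and data are hypothetical.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Escape the characters that are significant in HTML text and quoted attributes.
// A single pass means "&" in the input is never double-escaped.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Shared page template; `enc` is applied to every interpolated value.
function renderExport(room, messages, enc) {
  const rows = messages.map((m) =>
    `<li><span class="sender" title="${enc(m.senderId)}">${enc(m.senderName)}</span>: ${enc(m.body)}</li>`);
  return `<!DOCTYPE html><html><head><title>${enc(room.name)}</title></head>` +
    `<body><h1>${enc(room.name)}</h1><ul>${rows.join("")}</ul></body></html>`;
}

// Vulnerable pattern: server-controllable strings reach the document as-is.
const exportChatUnsafe = (room, messages) => renderExport(room, messages, String);
// Hardened pattern: escape at the point of output.
const exportChatSafe = (room, messages) => renderExport(room, messages, escapeHtml);

// Regression check: list element names in the output that the template never emits.
const TEMPLATE_TAGS = new Set(["html", "head", "title", "body", "h1", "ul", "li", "span"]);
function unexpectedTags(html) {
  const found = [];
  for (const m of html.matchAll(/<\/?([a-zA-Z][a-zA-Z0-9]*)/g)) {
    const tag = m[1].toLowerCase();
    if (!TEMPLATE_TAGS.has(tag)) found.push(tag);
  }
  return found;
}

// Constructed sample data standing in for values a homeserver could supply.
const sampleRoom = { name: "Ops <script>/* marker */</script>" };
const sampleMessages = [
  { senderId: '@mallory:example.org" data-injected="1', senderName: "<b>Mallory</b>", body: "a < b && c" },
  { senderId: "@alice:example.org", senderName: "Alice", body: "it's fine" },
];

console.log("unsafe:", unexpectedTags(exportChatUnsafe(sampleRoom, sampleMessages)));
console.log("safe:  ", unexpectedTags(exportChatSafe(sampleRoom, sampleMessages)));
```

A check like `unexpectedTags` fits in a unit test for any export template, so a new field that is interpolated without escaping fails the build.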
This was patched in matrix-react-sdk 3.76.0.
Workarounds: None, other than not using the Export Chat feature.
N/A
| CPE | Name | Operator | Version |
|---|---|---|---|
| | matrix-react-sdk | lt | 3.76.0 |

github.com/advisories/GHSA-c9vx-2g7w-rp65
github.com/matrix-org/matrix-react-sdk/commit/22fcd34c606f32129ebc967fc21f24fb708a98b8
github.com/matrix-org/matrix-react-sdk/releases/tag/v3.76.0
github.com/matrix-org/matrix-react-sdk/security/advisories/GHSA-c9vx-2g7w-rp65
nvd.nist.gov/vuln/detail/CVE-2023-37259