GoogleOSV:GHSA-C9VX-2G7W-RP65matrix-react-sdk vulnerable to XSS in Export Chat feature
6.1 Medium
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
0.0005 Low
EPSS
Percentile
17.9%
Description
The Export Chat feature includes certain attacker-controlled elements in the generated document without sufficient escaping, leading to stored XSS.
Impact
Since the Export Chat feature generates a separate document, an attacker can only inject code run from the null origin, restricting the impact.
However, the attacker can still potentially use the XSS to leak message contents. A malicious homeserver is a potential attacker since the affected inputs are controllable server-side.
Patches
This was patched in matrix-react-sdk 3.76.0.
Workarounds
None, other than not using the Export Chat feature.
References
N/A
| CPE | Name | Operator | Version |
|---|---|---|---|
| matrix-react-sdk | lt | 3.76.0 | |
| matrix-react-sdk | ge | 3.32.0 |
References
github.com/matrix-org/matrix-react-sdk
github.com/matrix-org/matrix-react-sdk/commit/22fcd34c606f32129ebc967fc21f24fb708a98b8
github.com/matrix-org/matrix-react-sdk/releases/tag/v3.76.0
github.com/matrix-org/matrix-react-sdk/security/advisories/GHSA-c9vx-2g7w-rp65
nvd.nist.gov/vuln/detail/CVE-2023-37259
Related
6.1 Medium
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
0.0005 Low
EPSS
Percentile
17.9%