6.1 Medium
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
0.0005 Low
EPSS
Percentile
17.9%
matrix-react-sdk is vulnerable to Cross-Site Scripting. The vulnerability is due to a lack of HTML sanitization in the export chat feature, which results in Cross-Site Scripting.
CPE | Name | Operator | Version |
---|---|---|---|
matrix-react-sdk | le | 3.76.0-rc.2 | |
matrix-react-sdk | le | 3.76.0-rc.2 |