PT-2023-25862 · Unknown · Matrix-React-Sdk

Andybalaam · Published 2023-07-18 · Updated 2024-06-15 · CVE-2023-37259

CVSS v3.1: 6.1 (Medium)

Vector: AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

matrix-react-sdk versions prior to 3.76.0

Description

The Export Chat feature includes certain attacker-controlled elements in the generated document without sufficient escaping, leading to stored cross-site scripting (XSS). Since the Export Chat feature generates a separate document, an attacker can only inject code that runs from the null origin, which restricts the impact. However, the attacker can still potentially use the XSS to leak message contents. A malicious homeserver is a potential attacker since the affected inputs are controllable server-side.

Recommendations

To resolve the issue, upgrade to release version 3.76.0 or later. As a temporary workaround, consider disabling or not using the Export Chat feature until a patch is available.
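
The flaw class described above, as an added example that is not matrix-react-sdk's code or its 3.76.0 fix: a minimal HTML export renderer that concatenates server-controlled fields unescaped, beside a version that escapes each field, plus a regression check for markup the template did not emit. The room and event field names, the `renderExport*` functions and the sample data are hypothetical and constructed.

```javascript
// Added example with hypothetical names; not the project's own code.
// Constructed sample: every string field is homeserver-controlled, so untrusted.
const sampleRoom = {
  name: 'Team <chat>',
  events: [
    { sender: '@alice:example.org', displayName: 'Alice', body: 'lunch at 12 & 1?' },
    { sender: '@mallory:example.org',
      displayName: '<img src=x onerror="alert(1)">', body: 'hello' },
  ],
};

// Escape the characters that are significant in HTML text and attribute values.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Fixed document skeleton shared by both renderers.
function page(title, rows) {
  return `<!DOCTYPE html><html><head><title>${title}</title></head><body><ul>\n${rows}\n</ul></body></html>`;
}

// "Before": fields are concatenated into the exported document as received.
function renderExportUnsafe(room) {
  const rows = room.events
    .map((e) => `<li title="${e.sender}"><b>${e.displayName}</b>: ${e.body}</li>`)
    .join('\n');
  return page(room.name, rows);
}

// "After": every interpolated field is escaped before it reaches the template.
function renderExportSafe(room) {
  const rows = room.events
    .map((e) => {
      const [sender, name, body] = [e.sender, e.displayName, e.body].map(escapeHtml);
      return `<li title="${sender}"><b>${name}</b>: ${body}</li>`;
    })
    .join('\n');
  return page(escapeHtml(room.name), rows);
}

// Regression check: list element names in the output that the template never emits.
function unexpectedTags(html) {
  const allowed = new Set(['html', 'head', 'title', 'body', 'ul', 'li', 'b']);
  const tags = [...html.matchAll(/<\/?([a-zA-Z][a-zA-Z0-9]*)/g)].map((m) => m[1].toLowerCase());
  return tags.filter((t) => !allowed.has(t));
}
```

Running `unexpectedTags` over an export of hostile fixture data in a unit test catches a newly added field that bypasses escaping.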

Exploit

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2023-37259
GHSA-C9VX-2G7W-RP65
OPENSUSE-SU-2024:13054-1
OPENSUSE-SU-2024:13055-1

Affected Products

Matrix-React-Sdk