CVE-2023-37259
MEDIUM6.1EPSS 0.24%matrix-react-sdk vulnerable to XSS in Export Chat feature
Published: 7/18/2023Modified: 11/8/2023
Also known as:GHSA-c9vx-2g7w-rp65
Description
### Description The Export Chat feature includes certain attacker-controlled elements in the generated document without sufficient escaping, leading to stored XSS. ### Impact Since the Export Chat feature generates a separate document, an attacker can only inject code run from the `null` origin, restricting the impact. However, the attacker can still potentially use the XSS to leak message contents. A malicious homeserver is a potential attacker since the affected inputs are controllable server-side. ### Patches This was patched in matrix-react-sdk 3.76.0. ### Workarounds None, other than not using the Export Chat feature. ### References N/A
Affected packages (1)
- npm/matrix-react-sdk>= 3.32.0, < 3.76.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.1 | CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N |
References (5)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2023-37259
- PATCHhttps://github.com/matrix-org/matrix-react-sdk
- WEBhttps://github.com/matrix-org/matrix-react-sdk/commit/22fcd34c606f32129ebc967fc21f24fb708a98b8
- WEBhttps://github.com/matrix-org/matrix-react-sdk/releases/tag/v3.76.0
- WEBhttps://github.com/matrix-org/matrix-react-sdk/security/advisories/GHSA-c9vx-2g7w-rp65