matrix-react-sdk vulnerable to XSS in Export Chat feature

GHSA-c9vx-2g7w-rp65 · CVE-2023-37259

Published Jul 18, 2023 · Modified Nov 8, 2023

Description

The Export Chat feature includes certain attacker-controlled elements in the generated document without sufficient escaping, leading to stored XSS.

Impact

Since the Export Chat feature generates a separate document, an attacker can only inject code run from the null origin, restricting the impact.

However, the attacker can still potentially use the XSS to leak message contents. A malicious homeserver is a potential attacker since the affected inputs are controllable server-side.

Patches

This was patched in matrix-react-sdk 3.76.0.

Workarounds

None, other than not using the Export Chat feature.

References

N/A

References

WEB https://github.com/matrix-org/matrix-react-sdk/security/advisories/GHSA-c9vx-2g7w-rp65
ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2023-37259
WEB https://github.com/matrix-org/matrix-react-sdk/commit/22fcd34c606f32129ebc967fc21f24fb708a98b8
PACKAGE https://github.com/matrix-org/matrix-react-sdk
WEB https://github.com/matrix-org/matrix-react-sdk/releases/tag/v3.76.0

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes