CVE-2023-37259: Cross site scripting in Export Chat feature
First published: Tue Jul 18 2023(Updated: )
### Description The Export Chat feature includes certain attacker-controlled elements in the generated document without sufficient escaping, leading to stored XSS. ### Impact Since the Export Chat feature generates a separate document, an attacker can only inject code run from the `null` origin, restricting the impact. However, the attacker can still potentially use the XSS to leak message contents. A malicious homeserver is a potential attacker since the affected inputs are controllable server-side. ### Patches This was patched in matrix-react-sdk 3.76.0. ### Workarounds None, other than not using the Export Chat feature. ### References N/A
Credit: security-advisories@github.com security-advisories@github.com security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| npm/matrix-react-sdk | >=3.32.0<3.76.0 | 3.76.0 |
| Matrix React SDK | >=3.32.0<3.76.0 | |
| Matrix React SDK | =3.76.0-rc1 | |
| Matrix React SDK | =3.76.0-rc2 |
Remedy
https://github.com/matrix-org/matrix-react-sdk/commit/22fcd34c606f32129ebc967fc21f24fb708a98b8
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/matrix-org/matrix-react-sdk/commit/22fcd34c606f32129ebc967fc21f24fb708a98b8
- https://github.com/matrix-org/matrix-react-sdk/security/advisories/GHSA-c9vx-2g7w-rp65
- https://github.com/matrix-org/matrix-react-sdk/releases/tag/v3.76.0
- https://nvd.nist.gov/vuln/detail/CVE-2023-37259
- https://github.com/advisories/GHSA-c9vx-2g7w-rp65 (Advisory)
Frequently Asked Questions
What is the severity of CVE-2023-37259?
CVE-2023-37259 is considered a high severity vulnerability due to the potential for stored cross-site scripting (XSS) attacks.
How do I fix CVE-2023-37259?
To fix CVE-2023-37259, you should update the Matrix React SDK to version 3.76.0 or later.
What is stored XSS in the context of CVE-2023-37259?
Stored XSS in CVE-2023-37259 refers to the ability of an attacker to inject malicious scripts into generated documents via the Export Chat feature.
Which versions of the Matrix React SDK are affected by CVE-2023-37259?
CVE-2023-37259 affects Matrix React SDK versions between 3.32.0 and 3.76.0, inclusive.
Can CVE-2023-37259 affect user data security?
Yes, CVE-2023-37259 can compromise user data security by allowing attackers to execute scripts within the context of a user's session.
- collector/nvd-latest
- collector/github-advisory-latest
- alias/GHSA-c9vx-2g7w-rp65
- alias/CVE-2023-37259
- collector/github-advisory
- agent/first-publish-date
- agent/softwarecombine
- agent/type
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/title
- agent/remedy
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/trending
- agent/source
- agent/tags
- collector/nvd-api
- agent/software-canonical-lookup-request
- collector/nvd-cve
- collector/nvd-index
- package-manager/npm
- vendor/matrix-react-sdk project
- canonical/matrix react sdk
- version/matrix react sdk/3.32.0
- version/matrix react sdk/3.76.0-rc1
- version/matrix react sdk/3.76.0-rc2