CVE-2023-37259

Cross site scripting in Export Chat feature

Severity Score

5.4

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. The Export Chat feature includes certain attacker-controlled elements in the generated document without sufficient escaping, leading to stored Cross site scripting (XSS). Since the Export Chat feature generates a separate document, an attacker can only inject code run from the `null` origin, restricting the impact. However, the attacker can still potentially use the XSS to leak message contents. A malicious homeserver is a potential attacker since the affected inputs are controllable server-side. This issue has been addressed in commit `22fcd34c60` which is included in release version 3.76.0. Users are advised to upgrade. The only known workaround for this issue is to disable or to not use the Export Chat feature.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2023-06-29 CVE Reserved
2023-07-18 CVE Published
2024-07-24 EPSS Updated
2024-10-18 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CAPEC

References (2)

URL	Tag	Source
https://github.com/matrix-org/matrix-react-sdk/security/advisories/GHSA-c9vx-2g7w-rp65	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
https://github.com/matrix-org/matrix-react-sdk/commit/22fcd34c606f32129ebc967fc21f24fb708a98b8	2023-07-27

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Matrix-react-sdk Project Search vendor "Matrix-react-sdk Project"		Matrix-react-sdk Search vendor "Matrix-react-sdk Project" for product "Matrix-react-sdk"				>= 3.32.0 < 3.76.0 Search vendor "Matrix-react-sdk Project" for product "Matrix-react-sdk" and version " >= 3.32.0 < 3.76.0"		node.js		Affected
Matrix-react-sdk Project Search vendor "Matrix-react-sdk Project"		Matrix-react-sdk Search vendor "Matrix-react-sdk Project" for product "Matrix-react-sdk"				3.76.0 Search vendor "Matrix-react-sdk Project" for product "Matrix-react-sdk" and version "3.76.0"		rc1, node.js		Affected
Matrix-react-sdk Project Search vendor "Matrix-react-sdk Project"		Matrix-react-sdk Search vendor "Matrix-react-sdk Project" for product "Matrix-react-sdk"				3.76.0 Search vendor "Matrix-react-sdk Project" for product "Matrix-react-sdk" and version "3.76.0"		rc2, node.js		Affected