AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsafe interpolation of the session GET parameter. This allows a remote attacker to execute an XSS attack on the domain Synapse is hosted on, by supplying the victim user with a malicious URL to the /_matrix/client/r0/auth//fallback/web or /_matrix/client/unstable/auth//fallback/web Synapse endpoints.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Alpine | edge-community | noarch | synapse | < 1.21.1-r0 | UNKNOWN |
Alpine | 3.13-community | noarch | synapse | < 1.21.1-r0 | UNKNOWN |
Alpine | 3.14-community | noarch | synapse | < 1.21.1-r0 | UNKNOWN |
Alpine | 3.15-community | noarch | synapse | < 1.21.1-r0 | UNKNOWN |
Alpine | 3.16-community | noarch | synapse | < 1.21.1-r0 | UNKNOWN |
Alpine | 3.17-community | noarch | synapse | < 1.21.1-r0 | UNKNOWN |
Alpine | 3.18-community | noarch | synapse | < 1.21.1-r0 | UNKNOWN |
Alpine | 3.19-community | noarch | synapse | < 1.21.1-r0 | UNKNOWN |