3 matches found
CVE-2023-37259
CVE-2023-37259 affects matrix-react-sdk. The Export Chat feature injects attacker-controlled elements into a generated document without proper escaping, causing stored XSS. The exploit runs from the null origin (document-only context) but can be used to leak message contents; a malicious homeserv...
CVE-2023-37259 Cross site scripting in Export Chat feature
matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. The Export Chat feature includes certain attacker-controlled elements in the generated document without sufficient escaping, leading to stored Cross site scripting XSS. Since the Export Chat feature...
FreeBSD : element-web -- Cross site scripting in Export Chat feature (c70c3dc3-258c-11ee-b37b-901b0e9408dc)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the c70c3dc3-258c-11ee-b37b-901b0e9408dc advisory. - Since the Export Chat feature generates a separate document, an attacker can only inject code run fro...