78 matches found
CVE-2024-47824 Malicious homeservers can steal message keys when the matrix-react-sdk user invites another user to a room
matrix-react-sdk is a react-based software development kit for inserting a Matrix chat/VOIP client into a web page. Starting in version 3.18.0 and before 3.102.0, matrix-react-sdk allows a malicious homeserver to potentially steal message keys for a room when a user invites another user to that roo...
matrix-react-sdk information disclosure vulnerability
matrix-react-sdk is a Matrix open source component for inserting the Matrix chat/voip client into web pages. An information disclosure vulnerability exists in matrix-react-sdk, which stems from the fact that matrix-react-sdk shares a history message key at invite time...
Information Disclosure
matrix-react-sdk is vulnerable to Information Disclosure. The vulnerability is due to a malicious homeserver manipulating a user's account data to enable URL previews in encrypted rooms, causing any URLs in encrypted messages to be sent to the server. Attackers can use this to intercept URLs in...
CVE-2024-42347 URL preview setting for a room is controllable by the homeserver in matrix-react-sdk
matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. A malicious homeserver could manipulate a user's account data to cause the client to enable URL previews in end-to-end encrypted rooms, in which case any URLs in encrypted messages would be sent to the...
matrix-react-skin (>=0.0.1 <=0.0.2), vector-web (=0.3.0) potentially affected by CVE-2024-42347 via matrix-react-sdk (>=0.0.1 <=0.2.0)
matrix-react-sdk NPM version =0.0.1, =0.0.1, =0.0.2 - vector-web =0.3.0 Source cves: CVE-2024-42347 Source advisory: OSV:GHSA-F83W-WQHC-CFP4...
GHSA-F83W-WQHC-CFP4 Matrix SDK for React's URL preview setting for a room is controllable by the homeserver
Impact: A malicious homeserver could manipulate a user's account data to cause the client to enable URL previews in end-to-end encrypted rooms, in which case any URLs in encrypted messages would be sent to the server. Even if the CVSS score would be 4.1 AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N the...
PT-2024-7453 · Unknown · Matrix-React-Sdk
Name of the Vulnerable Software and Affected Versions: matrix-react-sdk versions 3.18.0 through 3.101.9 Description: The issue is related to insufficient protection of service data, allowing a malicious homeserver to potentially steal message keys for a room when a user invites another user to th...
CVE-2023-37259
matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. The Export Chat feature includes certain attacker-controlled elements in the generated document without sufficient escaping, leading to stored cross-site scripting (XSS). Since the Export Chat feature...
CVE-2023-37259 Cross site scripting in Export Chat feature
matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. The Export Chat feature includes certain attacker-controlled elements in the generated document without sufficient escaping, leading to stored cross-site scripting (XSS). Since the Export Chat feature...
CVE-2023-37259
CVE-2023-37259 affects matrix-react-sdk. The Export Chat feature injects attacker-controlled elements into a generated document without proper escaping, causing stored XSS. The exploit runs from the null origin (document-only context) but can be used to leak message contents; a malicious homeserv...
matrix-react-sdk cross-site scripting vulnerability
matrix-react-sdk is a Matrix open source component for inserting the Matrix chat/voip client into web pages. A cross-site scripting vulnerability exists in matrix-react-sdk versions 3.32.0 through 3.76.0, which stems from the Export Chat feature containing certain attacker-controlled elements in...
HTML Injection
matrix-react-sdk is vulnerable to HTML Injection. The vulnerability exists in the bodyToHtml function of HtmlUtils.tsx because it does not escape the plainBody parameter of the highlighter attribute, which allows an attacker to inject and execute malicious plaintext messages with HTML payloads...
FreeBSD : element-web -- matrix-react-sdk vulnerable to HTML injection in search results via plaintext message highlighting (c676bb1b-e3f8-11ed-b37b-901b0e9408dc)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the c676bb1b-e3f8-11ed-b37b-901b0e9408dc advisory. - matrix-react-sdk is a react-based SDK for inserting a Matrix chat/VoIP client into a web page. Prior ...
CVE-2023-30609 matrix-react-sdk vulnerable to HTML injection in search results via plaintext message highlighting
matrix-react-sdk is a react-based SDK for inserting a Matrix chat/VoIP client into a web page. Prior to version 3.71.0, plain text messages containing HTML tags are rendered as HTML in the search results. To exploit this, an attacker needs to trick a user into searching for a specific message...
CVE-2023-30609
The CVE-2023-30609 issue affects matrix-react-sdk prior to version 3.71.0, where plain text messages containing HTML tags rendered in search results are treated as HTML. Exploitation requires tricking a user into searching for a specific message containing an HTML payload; the vulnerability is mi...