FreeBSD : element-web -- matrix-react-sdk vulnerable to HTML injection in search results via plaintext message highlighting (c676bb1b-e3f8-11ed-b37b-901b0e9408dc)
The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the c676bb1b-e3f8-11ed-b37b-901b0e9408dc advisory. - matrix-react-sdk is a react-based SDK for inserting a Matrix chat/VoIP client into a web page. Prior ...
Malicious code in nlp-react-native (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2ef6692095c28b968172ac45d43937a7bfe30267c7c27add946d2534ad6c7e24 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-626 Malicious code in nlp-react-native (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2ef6692095c28b968172ac45d43937a7bfe30267c7c27add946d2534ad6c7e24 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2023-30609 matrix-react-sdk vulnerable to HTML injection in search results via plaintext message highlighting
matrix-react-sdk is a react-based SDK for inserting a Matrix chat/VoIP client into a web page. Prior to version 3.71.0, plain text messages containing HTML tags are rendered as HTML in the search results. To exploit this, an attacker needs to trick a user into searching for a specific message...
CVE-2023-30609 matrix-react-sdk vulnerable to HTML injection in search results via plaintext message highlighting
matrix-react-sdk is a react-based SDK for inserting a Matrix chat/VoIP client into a web page. Prior to version 3.71.0, plain text messages containing HTML tags are rendered as HTML in the search results. To exploit this, an attacker needs to trick a user into searching for a specific message...
CVE-2023-30609
matrix-react-sdk is a react-based SDK for inserting a Matrix chat/VoIP client into a web page. Prior to version 3.71.0, plain text messages containing HTML tags are rendered as HTML in the search results. To exploit this, an attacker needs to trick a user into searching for a specific message...
CVE-2023-30609 matrix-react-sdk vulnerable to HTML injection in search results via plaintext message highlighting
matrix-react-sdk is a react-based SDK for inserting a Matrix chat/VoIP client into a web page. Prior to version 3.71.0, plain text messages containing HTML tags are rendered as HTML in the search results. To exploit this, an attacker needs to trick a user into searching for a specific message...
CVE-2023-30609
The CVE-2023-30609 issue affects matrix-react-sdk prior to version 3.71.0, where plain text messages containing HTML tags rendered in search results are treated as HTML. Exploitation requires tricking a user into searching for a specific message containing an HTML payload; the vulnerability is mi...
matrix-react-skin (>=0.0.1 <=0.0.2), vector-web (=0.3.0) potentially affected by CVE-2023-30609 via matrix-react-sdk (>=0.0.1 <=0.2.0)
matrix-react-sdk NPM version =0.0.1, =0.0.1, =0.0.2 - vector-web =0.3.0 Source cves: CVE-2023-30609 Source advisory: OSV:GHSA-XV83-X443-7RMW...
element-web -- matrix-react-sdk vulnerable to HTML injection in search results via plaintext message highlighting
Matrix developers report: matrix-react-sdk is a react-based SDK for inserting a Matrix chat/VoIP client into a web page. Prior to version 3.71.0, plain text messages containing HTML tags are rendered as HTML in the search results. To exploit this, an attacker needs to trick a user into searching...
Race Condition
@web3-react is vulnerable to a Race Condition. In the event that the user switches chains during the connection flow, the chainId may become outdated, making any data generated from it potentially inaccurate. An application that swaps between chains for instance, can cause the user to tokens mone...
MAL-2023-732 Malicious code in react-pop-tooltip (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 82e661a58f3aee5ad272c3708af6c6e28dc3abe886645d487831298be30ff64e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in react-pop-tooltip (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 82e661a58f3aee5ad272c3708af6c6e28dc3abe886645d487831298be30ff64e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
@aprilsacil/wallet (>=0.1.36 <=0.1.51), @chainfuse/react (>=0.0.46 <=0.1.0-dev.96) +40 more potentially affected by CVE-2023-30543 via @web3-react/walletconnect (>=8.0.23-beta.0 <=8.0.36-beta.0)
@web3-react/walletconnect NPM version =8.0.23-beta.0, =0.1.36, =0.0.46, =0.0.70, =1.0.0, =0.0.1, =1.0.0, =0.0.1, =1.1.0, =0.0.3, =1.0.0, =0.0.6-alpha.0, =0.0.12 - @huma-finance/widgets =0.0.6-alpha.0 - @huma-shan/shared =0.0.1 and more Source cves: CVE-2023-30543 Source advisory:...
@aprilsacil/wallet (>=0.1.36 <=0.1.51), @bosonprotocol/react-kit (>=0.1.0-alpha.0 <=0.1.0-alpha.2) +43 more potentially affected by CVE-2023-30543 via @web3-react/metamask (>=8.0.14-beta.0 <=8.0.28-beta.0)
@web3-react/metamask NPM version =8.0.14-beta.0, =0.1.36, =0.1.0-alpha.0, =0.0.46, =0.0.70, =1.0.0, =1.0.0, =0.0.1, =1.1.0, =0.0.3, =1.0.0, =1.0.0, =0.0.6-alpha.0, =0.0.12 - @huma-finance/widgets =0.0.6-alpha.0 and more Source cves: CVE-2023-30543 Source advisory: OSV:GHSA-8PF3-6FGR-3G3G...
GHSA-8PF3-6FGR-3G3G `chainId` may be outdated if user changes chains as part of connection in @web3-react
Impact chainId may be outdated if the user changes chains as part of the connection flow. This means that the value of chainId returned by useWeb3React may be incorrect. In an application, this means that any data derived from chainId could be incorrect. For example, if a swapping application...
@aprilsacil/wallet (>=0.1.36 <=0.1.51), @axelraag/frigg-uniswap-widgets (>=0.0.11 <=0.12.0) +35 more potentially affected by CVE-2023-30543 via @web3-react/eip1193 (>=8.0.11-beta.0 <=8.0.26-beta.0)
@web3-react/eip1193 NPM version =8.0.11-beta.0, =0.1.36, =0.0.11, =0.0.1-alpha.0, =0.0.46, =0.0.70, =1.0.0, =0.0.1, =1.1.0, =0.0.3, =0.12.0, =0.0.6-alpha.0, =0.0.12 - @huma-finance/widgets =0.0.6-alpha.0 - @huma-shan/shared =0.0.1 - @huma-shan/superfluid-widget =0.0.1 and more Source cves:...
`chainId` may be outdated if user changes chains as part of connection in @web3-react
Impact chainId may be outdated if the user changes chains as part of the connection flow. This means that the value of chainId returned by useWeb3React may be incorrect. In an application, this means that any data derived from chainId could be incorrect. For example, if a swapping application...
@aprilsacil/wallet (>=0.1.36 <=0.1.51), @chainfuse/react (>=0.0.46 <=0.1.0-dev.96) +15 more potentially affected by CVE-2023-30543 via @web3-react/coinbase-wallet (>=8.0.31-beta.0 <=8.0.34-beta.0)
@web3-react/coinbase-wallet NPM version =8.0.31-beta.0, =0.1.36, =0.0.46, =0.0.70, =0.0.6-alpha.0, =0.1.0, =0.0.1, =0.1.0, =0.13.29, =0.1.20, =0.0.1, =0.0.2, =0.0.11, =0.1.31 and more Source cves: CVE-2023-30543 Source advisory: OSV:GHSA-8PF3-6FGR-3G3G...
CVE-2023-30543
@web3-react is a framework for building Ethereum Apps. In affected versions the chainId may be outdated if the user changes chains as part of the connection flow. This means that the value of chainId returned by useWeb3React may be incorrect. In an application, this means that any data derived...