5 matches found
CVE-2021-21320
CVE-2021-21320 affects the matrix-react-sdk (Matrix React SDK) before version 3.15.0, where the user content sandbox could be abused to trigger opening unexpected documents. The issue involves a blob-origin handling scenario that, per sources, cannot access Matrix user data, so messages and secre...
CVE-2023-30609
The CVE-2023-30609 issue affects matrix-react-sdk prior to version 3.71.0, where plain text messages containing HTML tags rendered in search results are treated as HTML. Exploitation requires tricking a user into searching for a specific message containing an HTML payload; the vulnerability is mi...
CVE-2023-28103
CVE-2023-28103 affects matrix-react-sdk (Matrix JS/React SDK). In certain configurations, data from remote servers containing special strings in key locations could cause prototype pollution by modifying Object.prototype, disrupting sdk functionality and potentially causing denial of service or l...
CVE-2021-32622
CVE-2021-32622 affects the Matrix-React-SDK (Matrix-React-SDK) prior to version 3.21.0. The vulnerability arises during file uploads: when a user previews an uploaded file, scripts embedded in the file can execute, but only for the local user and only after several user interactions to open the p...
CVE-2023-37259
CVE-2023-37259 affects matrix-react-sdk. The Export Chat feature injects attacker-controlled elements into a generated document without proper escaping, causing stored XSS. The exploit runs from the null origin (document-only context) but can be used to leak message contents; a malicious homeserv...