Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
matrix project vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2023-37259
matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. The Export Chat feature includes certain attacker-controlled elements in the generated document without sufficient escaping, leading to stored Cross site scripting (XSS). Since the Expo...
Matrix-react-sdk Project Matrix-react-sdk
Matrix-react-sdk Project Matrix-react-sdk 3.76.0
6.5
CVSSv3
CVE-2022-39254
matrix-nio is a Python Matrix client library, designed according to sans I/O principles. Prior to version 0.20, when a users requests a room key from their devices, the software correctly remember the request. Once they receive a forwarded room key, they accept it without checkin...
Matrix-nio Project Matrix-nio
4.7
CVSSv3
CVE-2023-30609
matrix-react-sdk is a react-based SDK for inserting a Matrix chat/VoIP client into a web page. Prior to version 3.71.0, plain text messages containing HTML tags are rendered as HTML in the search results. To exploit this, an attacker needs to trick a user into searching for a spe...
Matrix-react-sdk Project Matrix-react-sdk
8.2
CVSSv3
CVE-2023-28103
matrix-react-sdk is a Matrix chat protocol SDK for React Javascript. In certain configurations, data sent by remote servers containing special strings in key locations could cause modifications of the `Object.prototype`, disrupting matrix-react-sdk functionality, causing denial o...
Matrix-react-sdk Project Matrix-react-sdk
NA
CVE-2015-5494
Cross-site scripting (XSS) vulnerability in the Webform Matrix Component module 7.x-4.x prior to 7.x-4.13 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.
Webform Matrix Component Project Webform Matrix Component
7.5
CVSSv3
CVE-2021-25906
An issue exists in the basic_dsp_matrix crate prior to 0.9.2 for Rust. When a TransformContent panic occurs, a double drop can be performed.
Basic Dsp Matrix Project Basic Dsp Matrix
7.8
CVSSv3
CVE-2021-32622
Matrix-React-SDK is a react-based SDK for inserting a Matrix chat/voip client into a web page. Before version 3.21.0, when uploading a file, the local file preview can lead to execution of scripts embedded in the uploaded file. This can only occur after several user interactions ...
Matrix-react-sdk Project Matrix-react-sdk
6.5
CVSSv3
CVE-2021-29453
matrix-media-repo is an open-source multi-domain media repository for Matrix. Versions 1.2.6 and previous versions of matrix-media-repo do not properly handle malicious images which are crafted to be small in file size, but large in complexity. A malicious user could upload a rel...
Matrix-media-repo Project Matrix-media-repo
4.3
CVSSv3
CVE-2021-21320
matrix-react-sdk is an npm package which is a Matrix SDK for React Javascript. In matrix-react-sdk before version 3.15.0, the user content sandbox can be abused to trick users into opening unexpected documents. The content is opened with a `blob` origin that cannot access Matrix ...
Matrix-react-sdk Project Matrix-react-sdk
9.8
CVSSv3
CVE-2017-17636
MLM Forced Matrix 2.0.9 has SQL Injection via the news-detail.php newid parameter.
Mlm Forced Matrix Project Mlm Forced Matrix 2.0.9
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »