Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.7
CVSSv3

CVE-2023-30609

Published: 25/04/2023 Updated: 08/05/2023
CVSS v3 Base Score: 4.7 | Impact Score: 1.4 | Exploitability Score: 2.8
VMScore: 0
Subscribe to Matrix-react-sdk

Vulnerability Summary

matrix-react-sdk is a react-based SDK for inserting a Matrix chat/VoIP client into a web page. Prior to version 3.71.0, plain text messages containing HTML tags are rendered as HTML in the search results. To exploit this, an attacker needs to trick a user into searching for a specific message containing an HTML injection payload. No cross-site scripting attack is possible due to the hardcoded content security policy. Version 3.71.0 of the SDK patches over the issue. As a workaround, restarting the client will clear the HTML injection.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

matrix-react-sdk project matrix-react-sdk

References

CWE-74https://github.com/matrix-org/matrix-react-sdk/commit/bf182bc94556849d7acdfa0e5fdea2aa129ea826https://github.com/matrix-org/matrix-react-sdk/security/advisories/GHSA-xv83-x443-7rmwhttps://github.com/matrix-org/matrix-react-sdk/releases/tag/v3.71.0https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322cross-site request forgeryunauthorizedCVE-2024-33925reflected XSSCVE-2023-51580CVE-2023-51579CVE-2015-2051CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook