
HTML injection in search results via plaintext message highlighting

Moderate
andybalaam published GHSA-xv83-x443-7rmw Apr 25, 2023

Package

matrix-react-sdk (React)

Affected versions

<= 3.70.0

Patched versions

3.71.0

Description

Impact

Plain text messages containing HTML tags are rendered as HTML in the search results. To exploit this, an attacker needs to trick a user into searching for a specific message containing an HTML injection payload. No cross-site scripting attack is possible due to the hardcoded content security policy.
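The bug class described above, as an added JavaScript example that is not matrix-react-sdk code: it assumes a search-result highlighter that builds an HTML string from a plaintext message body, and shows the flawed form beside one that escapes each segment before wrapping the matches. All function names, the `hl` class and the sample body are hypothetical.

```javascript
// Added illustration; not matrix-react-sdk code. All names are hypothetical.

// Escape the characters that are significant in HTML text and attributes.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return text.replace(/[&<>"']/g, (c) => map[c]);
}

// Escape regex metacharacters so the search term is matched literally.
function escapeRegExp(term) {
  return term.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

// Split a plaintext body into {text, hit} segments around case-insensitive matches.
function segment(body, term) {
  if (!term) return [{ text: body, hit: false }];
  const re = new RegExp(escapeRegExp(term), "gi");
  const out = [];
  let last = 0;
  for (const m of body.matchAll(re)) {
    if (m.index > last) out.push({ text: body.slice(last, m.index), hit: false });
    out.push({ text: m[0], hit: true });
    last = m.index + m[0].length;
  }
  if (last < body.length) out.push({ text: body.slice(last), hit: false });
  return out;
}

// Flawed: plaintext segments are concatenated into markup unescaped, so tags
// typed in the message become live elements once the result is rendered.
function highlightUnsafe(body, term) {
  return segment(body, term)
    .map((s) => (s.hit ? `<span class="hl">${s.text}</span>` : s.text))
    .join("");
}

// Hardened: every segment is escaped first, so the only markup in the output
// is the highlight wrapper itself, even when the match contains < or &.
function highlightSafe(body, term) {
  const wrap = (s) => (s.hit ? `<span class="hl">${escapeHtml(s.text)}</span>` : escapeHtml(s.text));
  return segment(body, term).map(wrap).join("");
}

// Constructed sample: a plaintext message body that happens to contain a tag.
const SAMPLE_BODY = "status <h1>update</h1> & notes";
```

Escaping per segment, rather than escaping the whole body before matching, keeps search terms that contain `&` or `<` matching correctly. In a React code base the same result comes from rendering each segment as a text child instead of passing an HTML string to the DOM.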

Patches

Version 3.71.0 of the SDK fixes the issue.

Workarounds

Restarting the client will clear the HTML injection.

Severity

Moderate
5.4 / 10

CVSS base metrics

Attack vector: Network
Attack complexity: Low
Privileges required: Low
User interaction: Required
Scope: Changed
Confidentiality: None
Integrity: Low
Availability: Low
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:L

CVE ID

CVE-2023-30609

Weaknesses