CVE-2023-37259

Description

### Description The Export Chat feature includes certain attacker-controlled elements in the generated document without sufficient escaping, leading to stored XSS. ### Impact Since the Export Chat feature generates a separate document, an attacker can only inject code run from the `null` origin, restricting the impact. However, the attacker can still potentially use the XSS to leak message contents. A malicious homeserver is a potential attacker since the affected inputs are controllable server-side. ### Patches This was patched in matrix-react-sdk 3.76.0. ### Workarounds None, other than not using the Export Chat feature. ### References N/A

How to fix CVE-2023-37259

To remediate CVE-2023-37259, upgrade the affected package to a fixed version below.

• —upgrade to 3.76.0 or later

Is CVE-2023-37259 being exploited?

Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• >= 3.32.0, < 3.76.0

CVSS scores

References (5)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2023-37259
• PATCHgithub.com/matrix-org/matrix-react-sdk
• WEBgithub.com/matrix-org/matrix-react-sdk/commit/22fcd34c606f32129ebc967fc21f24fb708a98b8
• WEBgithub.com/matrix-org/matrix-react-sdk/releases/tag/v3.76.0