Headline
GHSA-xv83-x443-7rmw: HTML injection in search results via plaintext message highlighting
Impact
Plain text messages containing HTML tags are rendered as HTML in the search results. To exploit this, an attacker needs to trick a user into searching for a specific message containing an HTML injection payload. No cross-site scripting attack is possible due to the hardcoded content security policy.
Patches
Version 3.71.0 of the SDK patches over the issue.
Workarounds
Restarting the client will clear the HTML injection.
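The bug class described under Impact, as an added illustration that is not code from matrix-react-sdk. It assumes a highlighter that builds an HTML string from a plain text message body. All function names and the sample message are hypothetical and constructed for this example.

```javascript
// Added illustration; these helpers are hypothetical, not matrix-react-sdk APIs.

// Escape the characters that are significant in HTML text and attribute values.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return text.replace(/[&<>"']/g, (c) => map[c]);
}

// Split plain text into segments and mark the ones matching the search term.
// split() with a capture group returns matches at the odd indices.
function segments(text, term) {
  if (!term) return [{ text, hit: false }];
  const literal = term.replace(/[.*+?^${}()|[\]\\]/g, "\\$&"); // term as a regex literal
  return text
    .split(new RegExp("(" + literal + ")", "gi"))
    .map((s, i) => ({ text: s, hit: i % 2 === 1 }))
    .filter((s) => s.text !== "");
}

// Flawed pattern: plain text is concatenated into markup unescaped, so tags
// typed into the message become live elements once the result is rendered.
function highlightUnsafe(text, term) {
  return segments(text, term)
    .map((s) => (s.hit ? `<span class="hl">${s.text}</span>` : s.text))
    .join("");
}

// Hardened pattern: every segment is escaped, and only the wrapper <span>
// produced by the highlighter itself is markup.
function highlightSafe(text, term) {
  return segments(text, term)
    .map((s) => {
      const body = escapeHtml(s.text);
      return s.hit ? `<span class="hl">${body}</span>` : body;
    })
    .join("");
}

// Constructed sample: a plain text message that happens to contain tags.
const sampleMessage = "meeting <h1>notes</h1> for today";
console.log(highlightUnsafe(sampleMessage, "notes"));
console.log(highlightSafe(sampleMessage, "notes"));
```

Escaping has to cover the highlighted segments as well as the text between them, because the search term itself can contain `<` or `&`.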
- CVE-2023-30609
Moderate severity • GitHub Reviewed • Published Apr 25, 2023 in matrix-org/matrix-react-sdk • Updated Apr 25, 2023
Package
matrix-react-sdk (npm)
Affected versions
< 3.71.0
References
- GHSA-xv83-x443-7rmw
Published to the GitHub Advisory Database: Apr 25, 2023
Last updated: Apr 25, 2023
Related news
matrix-react-sdk is a React-based SDK for inserting a Matrix chat/VoIP client into a web page. Prior to version 3.71.0, plain text messages containing HTML tags are rendered as HTML in the search results. To exploit this, an attacker needs to trick a user into searching for a specific message containing an HTML injection payload. No cross-site scripting attack is possible due to the hardcoded content security policy. Version 3.71.0 of the SDK patches over the issue. As a workaround, restarting the client will clear the HTML injection.