FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

element-web -- Cross site scripting in Export Chat feature

Affected packages
element-web < 1.11.36

Details

VuXML ID c70c3dc3-258c-11ee-b37b-901b0e9408dc
Discovery 2023-07-18
Entry 2023-07-18

Matrix Developers reports:

The Export Chat feature includes certain attacker-controlled elements in the generated document without sufficient escaping, leading to stored XSS.

[source]

References

CVE Name CVE-2023-37259
URL https://nvd.nist.gov/vuln/detail/CVE-2023-37259

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.