diff options
| author | Ashish SHUKLA <ashish@FreeBSD.org> | 2023-07-18 17:07:19 +0000 |
|---|---|---|
| committer | Ashish SHUKLA <ashish@FreeBSD.org> | 2023-07-18 17:08:40 +0000 |
| commit | 1ddd4b50924c8f6e2dfa62075587c52cd0263f45 (patch) | |
| tree | 8ba6ca1afb9c479be92534b6de8140d7dc4bd823 | |
| parent | 109fa9710a7ae792ebabcd5ca5fa71dd39a5f93d (diff) | |
| download | ports-1ddd4b50924c8f6e2dfa62075587c52cd0263f45.tar.gz ports-1ddd4b50924c8f6e2dfa62075587c52cd0263f45.zip | |
security/vuxml: Document www/element-web vulnerability
Security: CVE-2023-37259
Security: c70c3dc3-258c-11ee-b37b-901b0e9408dc
| -rw-r--r-- | security/vuxml/vuln/2023.xml | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml index 9933364b3f5f..432b181ed6d3 100644 --- a/security/vuxml/vuln/2023.xml +++ b/security/vuxml/vuln/2023.xml @@ -1,3 +1,30 @@ + <vuln vid="c70c3dc3-258c-11ee-b37b-901b0e9408dc"> + <topic>element-web -- Cross site scripting in Export Chat feature</topic> + <affects> + <package> + <name>element-web</name> + <range><lt>1.11.36</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Matrix Developers reports:</p> + <blockquote cite="https://github.com/matrix-org/matrix-react-sdk/security/advisories/GHSA-c9vx-2g7w-rp65"> + <p>The Export Chat feature includes certain attacker-controlled elements in the + generated document without sufficient escaping, leading to stored XSS.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2023-37259</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2023-37259</url> + </references> + <dates> + <discovery>2023-07-18</discovery> + <entry>2023-07-18</entry> + </dates> + </vuln> + <vuln vid="b3f77aae-241c-11ee-9684-c11c23f7b0f9"> <topic>gitea -- multiple issues</topic> <affects> |