VYPR

rpm package

opensuse/element-web&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/element-web&distro=openSUSE%20Tumbleweed

Vulnerabilities (14)

  • CVE-2025-59161 | Low | Sep 16, 2025
    affected < 1.11.112-1.1 | fixed 1.11.112-1.1

    Element Web is a Matrix web client built using the Matrix React SDK. Element Web and Element Desktop before version 1.11.112 have insufficient validation of room predecessor links, allowing a remote attacker to attempt to impermanently replace a room's entry in the room list with

  • CVE-2024-47771 | High | Oct 15, 2024
    affected < 1.11.81-1.1 | fixed 1.11.81-1.1

    Element Desktop is a Matrix client for desktop platforms. Element Desktop versions 1.11.70 through 1.11.80 contain a vulnerability which can, under specially crafted conditions, lead to the access token becoming exposed to third parties. At least one vector has been identified in

  • CVE-2024-42369 | Aug 20, 2024
    affected < 1.11.75-1.1 | fixed 1.11.75-1.1

    matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The matrix-js-sdk's getRoomUpgradeHistory function will infinitely recurse in this case, causing the c

  • CVE-2024-42347 | Aug 6, 2024
    affected < 1.11.73-1.1 | fixed 1.11.73-1.1

    matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. A malicious homeserver could manipulate a user's account data to cause the client to enable URL previews in end-to-end encrypted rooms, in which case any URLs in encrypted messages wou

  • CVE-2023-37259 | Jul 18, 2023
    affected < 1.11.36-1.1 | fixed 1.11.36-1.1

    matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. The Export Chat feature includes certain attacker-controlled elements in the generated document without sufficient escaping, leading to stored cross-site scripting (XSS). Since the Expo

  • CVE-2023-30609 | Apr 25, 2023
    affected < 1.11.30-1.1 | fixed 1.11.30-1.1

    matrix-react-sdk is a react-based SDK for inserting a Matrix chat/VoIP client into a web page. Prior to version 3.71.0, plain text messages containing HTML tags are rendered as HTML in the search results. To exploit this, an attacker needs to trick a user into searching for a spe

  • CVE-2023-2251 | Apr 24, 2023
    affected < 1.11.30-2.1 | fixed 1.11.30-2.1

    Uncaught Exception in GitHub repository eemeli/yaml prior to 2.0.0-5.

  • CVE-2023-28427 | Mar 28, 2023
    affected < 1.11.26-1.1 | fixed 1.11.26-1.1

    matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 24.0.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to

  • CVE-2022-36059 | Mar 28, 2023
    affected < 1.11.4-1.1 | fixed 1.11.4-1.1

    matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 19.4.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to

  • CVE-2022-39250 | Sep 29, 2022
    affected < 1.11.8-1.1 | fixed 1.11.8-1.1

    Matrix JavaScript SDK is the Matrix Client-Server software development kit (SDK) for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver could interfere with the verification flow between two users, injecting its own cross-signing user identit

  • CVE-2022-39251 | Sep 28, 2022
    affected < 1.11.8-1.1 | fixed 1.11.8-1.1

    Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Addit

  • CVE-2022-39249 | Sep 28, 2022
    affected < 1.11.8-1.1 | fixed 1.11.8-1.1

    Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms,

  • CVE-2022-39236 | Sep 28, 2022
    affected < 1.11.8-1.1 | fixed 1.11.8-1.1

    Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Starting with version 17.1.0-rc.1, improperly formed beacon events can disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note th

  • CVE-2022-23597 | Feb 1, 2022
    affected < 1.9.9-1.1 | fixed 1.9.9-1.1

    Element Desktop is a Matrix client for desktop platforms with Element Web at its core. Element Desktop before 1.9.7 is vulnerable to a remote program execution bug with user interaction. The exploit is non-trivial and requires clicking on a malicious link, followed by another but