Tag
A remote authenticated attacker who shares a room with a victim can steal their Matrix access token by injecting a malicious emote pack, exploiting improper URL validation and service worker behavior in Cinny versions prior to 4.10.3.