Security Advisory

CVE-2017-5858

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2017-02-09 20:00:00
Last updated 2024-08-05 15:11:48
Assigner mitre
State PUBLISHED

Description

An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable applications display. This allows for various kinds of social engineering attacks. This CVE is for Converse.js (0.8.0 - 1.0.6, 2.0.0 - 2.0.4).