JC Brand

1 exploit Active since Feb 2017
CVE-2017-5858 WRITEUP MEDIUM WRITEUP
converse.js 0.8.0-1.0.6 2.0.0-2.0.4 - User Impersonation via XEP-0280 Message Carbons
An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for Converse.js (0.8.0 - 1.0.6, 2.0.0 - 2.0.4).
CVSS 5.9