CVE-2017-5858
An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for Converse.js (0.8.0 - 1.0.6, 2.0.0 - 2.0.4).Enginsight
Vendor | Product | Version |
---|---|---|
conversejs | converse.js | 0.8.0 |
conversejs | converse.js | 0.8.1 |
conversejs | converse.js | 0.8.2 |
conversejs | converse.js | 0.8.3 |
conversejs | converse.js | 0.8.4 |
conversejs | converse.js | 0.8.5 |
conversejs | converse.js | 0.8.6 |
conversejs | converse.js | 0.9.0 |
conversejs | converse.js | 0.9.1 |
conversejs | converse.js | 0.9.2 |
conversejs | converse.js | 0.9.3 |
conversejs | converse.js | 0.9.4 |
conversejs | converse.js | 0.9.5 |
conversejs | converse.js | 0.9.6 |
conversejs | converse.js | 0.10.0 |
conversejs | converse.js | 0.10.1 |
conversejs | converse.js | 1.0.0 |
conversejs | converse.js | 1.0.1 |
conversejs | converse.js | 1.0.2 |
conversejs | converse.js | 1.0.3 |
conversejs | converse.js | 1.0.4 |
conversejs | converse.js | 1.0.5 |
conversejs | converse.js | 1.0.6 |
conversejs | converse.js | 2.0.0 |
conversejs | converse.js | 2.0.1 |
conversejs | converse.js | 2.0.2 |
conversejs | converse.js | 2.0.3 |
conversejs | converse.js | 2.0.4 |
Common Weakness Enumeration