Converse.js User Simulation Vulnerability

Converse.js is a free, open source XMPP chat client that runs in your browser. A security vulnerability exists in versions 0.8.0 through 1.0.6 and 2.0.0 through 2.0.4 of Converse.js due to the program's failure to properly implement "XEP-0280: Message Carbons". A remote attacker could exploit thi...

PT-2017-16594 · Slixmpp +5 · Slixmpp +6

Name of the Vulnerable Software and Affected Versions: yaxim and Bruno versions 0.8.6 through 0.8.8 SleekXMPP versions up to 1.3.1 Slixmpp versions up to 1.2.3 poezio versions 0.8 through 0.10 Movim versions 0.8 through 0.10 converse.js versions prior to 1.0.7 for 1.x or 2.0.5 for 2.x Description...