CVE-2017-5606
The CVE concerns Xabber on Android (1.0.30, 1.0.30 VIP, beta 1.0.3–1.0.74) with an incorrect implementation of XEP-0280: Message Carbons. The vulnerability enables a remote attacker to impersonate any user, including the attacker’s contacts, in the vulnerable app display, enabling social‑engineer...