CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

53 matches found

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2022-4192

Malicious code in bioql PyPI...

5.9CVSS6AI score0.00253EPSS

Exploits3References8

Github Security Blog•added 2022/05/13 1:28 a.m.•20 views

SleekXMPP and Slixmpp Incorrect Implementation of Message Carbons

An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for SleekXMPP up to 1.3.1 and...

5.9CVSS6.9AI score0.00405EPSS

Exploits3References13Affected Software2

CVE•added 2021/02/01 1:2 a.m.•53 views

CVE-2020-26547

Monal

9.8CVSS9.1AI score0.00207EPSS

Exploits0References2Affected Software1

Cvelist•added 2021/02/01 1:2 a.m.•9 views

CVE-2020-26547

Monal before 4.9 does not implement proper sender verification on MAM and Message Carbon XEP-0280 results. This allows a remote attacker able to send stanzas to a victim to inject arbitrary messages into the local history, with full control over the sender and receiver displayed to the victim...

9.3AI score0.00207EPSS

Exploits0References2

Github Security Blog•added 2020/09/11 9:19 p.m.•26 views

User Impersonation in converse.js

Versions of converse.js prior to 1.0.7 for 1.x or 2.0.5 for 2.x are vulnerable to User Impersonation. The package provides an incorrect implementation of XEP-0280: Message Carbons that allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display...

5.9CVSS5.7AI score0.00253EPSS

Exploits2References10Affected Software1

OSV•added 2020/09/11 9:19 p.m.•16 views

GHSA-W973-2QCC-P78X User Impersonation in converse.js

5.9CVSS5.7AI score0.00253EPSS

Exploits3References10

OSV•added 2019/09/11 7:15 p.m.•14 views

CVE-2019-16235

Dino before 2019-09-10 does not properly check the source of a carbons message in module/xep/0280messagecarbons.vala...

7.5CVSS6.6AI score

Exploits0References9

Prion•added 2019/09/11 7:15 p.m.•19 views

Code injection

Dino before 2019-09-10 does not properly check the source of a carbons message in module/xep/0280messagecarbons.vala...

5CVSS7.4AI score0.00265EPSS

Exploits1References9Affected Software4

OSV•added 2019/09/11 7:15 p.m.•0 views

UBUNTU-CVE-2019-16235

Dino before 2019-09-10 does not properly check the source of a carbons message in module/xep/0280messagecarbons.vala...

7.5CVSS7.1AI score0.00265EPSS

Exploits1References4

Slackware Linux•added 2017/03/24 5:44 a.m.•30 views

[slackware-security] mcabber

New mcabber packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/mcabber-1.0.5-i586-1slack14.2.txz: Upgraded. This update fixes a security issue: An incorrect implementation of XEP-028...

5.9CVSS5.9AI score0.00253EPSS

Exploits2

Mageia•added 2017/02/18 4:29 p.m.•30 views

Updated jitsi packages fix security vulnerability

An incorrect implementation of XEP-0280: Message Carbons in Jitsi and other XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks CVE-2017-5603...

5.9CVSS5.5AI score0.00298EPSS

Exploits2References2

Veracode•added 2017/02/10 1:55 a.m.•24 views

Social Engineering Attack Via Impersonation

slixmpp and sleekxmpp are vulnerable to social engineering attacks via a loophole leading to impersonation. It happens due to a flaw in the implementation of XEP-0280: Message Carbons in multiple XMPP clients, allowing a malicious user to impersonate any user, including contacts in the vulnerable...

5.9CVSS5.6AI score0.00405EPSS

Exploits3References5Affected Software2

Veracode•added 2017/02/10 12:48 a.m.•13 views

Social Engineering Attacks Via Impersonation

converse.js is vulnerable to various social engineering attacks via a loophole leading to impersonation. It can happen due to a flaw in implementation of XEP-0280: Message Carbons in multiple XMPP clients, allowing malicious user to impersonate any user, including contacts, in the vulnerable...

5.9CVSS5.6AI score0.00253EPSS

Exploits3References4Affected Software1

0day.today•added 2017/02/10 12:0 a.m.•106 views

XMPP Clients User Impersonation Vulnerability

Exploit for multiple platform in category local exploits Multiple XMPP Clients User Impersonation Vulnerability Summary ------- An incorrect implementation of XEP-0280: Message Carbons0 in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerabl...

4.3CVSS5.9AI score0.02715EPSS

Exploits13

CNVD•added 2017/02/10 12:0 a.m.•2 views

mcabber user emulation vulnerability

mcabber is an XMPP Jabber console client. A user emulation vulnerability exists in mcabber. The vulnerability exists because the program fails to properly implement "XEP-0280: Message Carbons". A remote attacker can exploit this vulnerability to impersonate an arbitrary user...

5.9CVSS7.1AI score0.00253EPSS

Exploits3References1

Prion•added 2017/02/09 8:59 p.m.•13 views

Design/Logic Flaw

4.3CVSS5.6AI score0.00245EPSS

Exploits3References5Affected Software1

Prion•added 2017/02/09 8:59 p.m.•18 views

Design/Logic Flaw

4.3CVSS5.6AI score0.00405EPSS

Exploits3References5Affected Software3

OSV•added 2017/02/09 8:59 p.m.•7 views

CVE-2017-5858