rdiffweb is vulnerable to content spoofing. An attacker can deliver professionally crafted visual defacements to the right recipients convincingly and provide misleading information to the victims due to improper processing and rendering of user-supplied inputs.