CVE-2017-5605Improper Input Validation in Moxl

CWE-20Improper Input ValidationCWE-346Origin Validation Error3 documents3 sources
Severity
5.9MEDIUMNVD
EPSS
0.3%
top 51.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Movim MoxlMovim
Timeline
PublishedFeb 9
Latest updateMay 17

Description

An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for Movim 0.8 - 0.10.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages2 packages

Packagistmovim/moxl0.80.10
NVDmovim/movim4 versions+3

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

2
OSV
XMPP Clients User Impersonation Vulnerability in Movim Moxl2022-05-17
GHSA
XMPP Clients User Impersonation Vulnerability in Movim Moxl2022-05-17