An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for Psi+ (0.16.563.580 - 0.16.571.627).
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,CWE-346,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| psi-plus | psi+ | 0.16.563.580 |
| psi-plus | psi+ | 0.16.571.627 |