MEDIUM
Jappix Project
CVE published 2017-02-09
CVE-2017-5602
CVE-2017-5602 affects Jappix 1.0.0 through 1.1.6 and stems from an incorrect implementation of XEP-0280 Message Carbons. A remote attacker can cause the application to display messages as if they came from another user, including contacts, which can mislead users and support social engineering attacks.