PatchSiren

Movim CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM | Movim CVE | published 2017-02-09

CVE-2017-5605

CVE-2017-5605 affects Movim 0.8 through 0.10 and is rooted in an incorrect implementation of XEP-0280 Message Carbons. The practical impact is display-level impersonation: a remote attacker can make the application show messages as if they came from another user, including contacts, which creates a clear social-engineering risk. NVD classifies the issue as medium severity (CVSS 3.0 5.9) with high integrit [truncated]