MEDIUM
Profanity Project
CVE published 2017-02-09
CVE-2017-5592
CVE-2017-5592 affects Profanity 0.4.7 through 0.5.0 and stems from an incorrect implementation of XEP-0280 Message Carbons. The practical risk is display impersonation: a remote attacker may be shown as another user, including a contact, which can enable social-engineering abuse and trust manipulation.