RSS   Vulnerabilities for 'Monal'   RSS

2021-02-01
 
CVE-2020-26547

CWE-345
 

 
Monal before 4.9 does not implement proper sender verification on MAM and Message Carbon (XEP-0280) results. This allows a remote attacker (able to send stanzas to a victim) to inject arbitrary messages into the local history, with full control over the sender and receiver displayed to the victim.

 


Copyright 2024, cxsecurity.com

 

Back to Top