Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Monal Subscribe
Filtered by product Monal
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-26547 1 Monal 1 Monal 2021-02-05 5.0 MEDIUM 9.8 CRITICAL
Monal before 4.9 does not implement proper sender verification on MAM and Message Carbon (XEP-0280) results. This allows a remote attacker (able to send stanzas to a victim) to inject arbitrary messages into the local history, with full control over the sender and receiver displayed to the victim.