Medium severity5.9NVD Advisory· Published Feb 9, 2017· Updated May 13, 2026
CVE-2017-5605
CVE-2017-5605
Description
An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for Movim 0.8 - 0.10.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
movim/moxlPackagist | >= 0.8, <= 0.10 | — |
Affected products
4Patches
1838b0a42efc3https://github.com/movim/moxlvia ghsa
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
9- github.com/movim/moxl/commit/838b0a42efc3b67cc17d63e25ae1d0ea849cd89bnvdPatchWEB
- openwall.com/lists/oss-security/2017/02/09/29nvdExploitMailing ListThird Party AdvisoryWEB
- rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbons/nvdExploitTechnical DescriptionThird Party Advisory
- rt-solutions.de/wp-content/uploads/2017/02/CVE-2017-5589_xmpp_carbons.pdfnvdExploitTechnical DescriptionThird Party AdvisoryWEB
- github.com/advisories/GHSA-hq38-v658-g3wpghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2017-5605ghsaADVISORY
- web.archive.org/web/20170301232720/https://rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbonsghsaWEB
- web.archive.org/web/20210123225200/https://www.securityfocus.com/bid/96177ghsaWEB
- www.securityfocus.com/bid/96177nvd
News mentions
0No linked articles in our index yet.