MovimCVEs & Vulnerabilities
2 CVEs affecting Movim products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.
2 CVEs→ All vendors
Most Affected Products
movim 5
CVE-2023-2848HIGH
Movim prior to version 0.22 is affected by a Cross-Site WebSocket Hijacking vulnerability. This was the result of a missing header validation.
14 Sep 2023
8.8
CVSS
CVE-2017-5605MEDIUM
An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for Movim 0.8 - 0.10.
9 Feb 2017
5.9
CVSS
← PrevPage 1 / 1Next →