Skip to main content

Movim

2 CVEs product

Monthly

CVE-2023-2848 HIGH PATCH This Week

Movim prior to version 0.22 is affected by a Cross-Site WebSocket Hijacking vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Movim
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2017-5605 PHP MEDIUM POC PATCH This Month

An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Movim
NVD GitHub
CVSS 3.0
5.9
EPSS
0.3%
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Movim prior to version 0.22 is affected by a Cross-Site WebSocket Hijacking vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Movim
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM POC PATCH This Month

An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Movim
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy