1337day-Exploits Posted May 26, 2022 Share Posted May 26, 2022 Tigase XMPP server suffers from a security vulnerability due to not escaping double quote character when serializing parsed XML. This can be used to smuggle (or, if you prefer, inject) an arbitrary attacker-controlled stanza in the XMPP server's output stream. A malicious client can abuse this vulnerability to send arbitrary XMPP stanzas to another client (including the control stanzas that are only meant to be sent by the server). This is the hidden content, please Sign In or Sign Up Link to comment Share on other sites More sharing options...
Recommended Posts