converse.js (npm) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package converse.js, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (2)
CVE-2017-5858 — CVSS 5.9 (medium): An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user…
CVE-2018-6591 — CVSS 5.3 (medium): Converse.js and Inverse.js through 3.3 allow remote attackers to obtain sensitive information because it is too difficult to determine…