Vulnerability in the Dino messenger that allows bypassing sender verification

Corrective releases 0.4.2, 0.3.2, and 0.2.3 of the Dino communications client have been published. Dino supports chat, audio calls, video calls, video conferencing, and text messaging over the Jabber/XMPP protocol. The updates fix a vulnerability (CVE-2023-28686) that could allow an unauthorized user to send a specially crafted message that adds, changes, or deletes entries in another user's personal bookmarks without the victim having to take any action. In addition, the vulnerability makes it possible to change how group chats are displayed, to forcibly connect a user to or disconnect a user from a specific group chat, and to mislead the user in order to gain access to confidential information.

Source: opennet.ru
