Multiple vulnerabilities have been discovered in the Dino XMPP client, which could allow spoofing message, manipulation of a user"s roster and unauthorised sending of message carbons.