slixmpp and sleekxmpp are vulnerable to social engineering attacks via a loophole leading to impersonation. It happens due to a flaw in the implementation of XEP-0280: Message Carbons
in multiple XMPP clients, allowing a malicious user to impersonate any user, including contacts in the vulnerable application’s display.