CVE-2020-13821
N/A
N/A
Summary
An issue was discovered in HiveMQ Broker Control Center 4.3.2. A crafted clientid parameter in an MQTT packet (sent to the Broker) is reflected in the client section of the management console. The attacker's JavaScript is loaded in a browser, which can lead to theft of the session and cookie of the administrator's account of the Broker.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://payatu.com/advisory/hivemq-mqtt-broker—xss-over-mqtt
- https://www.hivemq.com/blog/hivemq-4-3-3-released/
References
- https://payatu.com/advisory/hivemq-mqtt-broker—xss-over-mqtt
- https://www.hivemq.com/blog/hivemq-4-3-3-released/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.