CVE-2020-6804

Summary

A reflected XSS vulnerability exists within the gateway, allowing an attacker to craft a specialized URL which could steal the user's authentication token. When combined with CVE-2020-6803, an attacker could fully compromise the system.

Affected Software

VendorProductVersion RangeStatus
MozillaWebThings Gateway0.3.0 < 0.3.0*affected
MozillaWebThings Gateway0.12.0 < 0.12.0affected

Weaknesses

  • CWE-79: CWE-79 Cross-site Scripting (XSS)

Workarounds

  • Never share your gateway address publicly.
  • Never click on links which take you to your gateway, especially to the login page.

ADP Enrichment

CVE Program Container

Additional References

References