CVE-2020-6804
8.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A reflected XSS vulnerability exists within the gateway, allowing an attacker to craft a specialized URL which could steal the user's authentication token. When combined with CVE-2020-6803, an attacker could fully compromise the system.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Mozilla | WebThings Gateway | 0.3.0 < 0.3.0* | affected |
| Mozilla | WebThings Gateway | 0.12.0 < 0.12.0 | affected |
Weaknesses
- CWE-79: CWE-79 Cross-site Scripting (XSS)
Workarounds
- Never share your gateway address publicly.
- Never click on links which take you to your gateway, especially to the login page.
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.