Vulnerabilities

CVE-2020-13821

by Fred · 26/08/2020

An issue was discovered in HiveMQ Broker Control Center 4.3.2. A crafted clientid parameter in an MQTT packet (sent to the Broker) is reflected in the client section of the management console. The attacker’s JavaScript is loaded in a browser, which can lead to theft of the session and cookie of the administrator’s account of the Broker.

Date published : 2020-08-26

https://www.hivemq.com/blog/hivemq-4-3-3-released/

https://payatu.com/advisory/hivemq-mqtt-broker—xss-over-mqtt

Similar

Tags: Cybersecurity Alert