← volver
CVE-2020-13821

CVE-2020-13821

EPSS 0.5%
An issue was discovered in HiveMQ Broker Control Center 4.3.2. A crafted clientid parameter in an MQTT packet (sent to the Broker) is reflected in the client section of the management console. The attacker's JavaScript is loaded in a browser, which can lead to theft of the session and cookie of the administrator's account of the Broker.
Productos afectados
n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://payatu.com/advisory/hivemq-mqtt-broker---xss-over-mqtthttps://www.hivemq.com/blog/hivemq-4-3-3-released/