RSS   Vulnerabilities for 'Broker control center'   RSS

2020-08-26
 
CVE-2020-13821

CWE-79
 

 
An issue was discovered in HiveMQ Broker Control Center 4.3.2. A crafted clientid parameter in an MQTT packet (sent to the Broker) is reflected in the client section of the management console. The attacker's JavaScript is loaded in a browser, which can lead to theft of the session and cookie of the administrator's account of the Broker.

 


Copyright 2024, cxsecurity.com

 

Back to Top