Hivemq: >> Broker Control Center >> 4.3.2 Security Vulnerabilities
An issue was discovered in HiveMQ Broker Control Center 4.3.2. A crafted clientid parameter in an MQTT packet (sent to the Broker) is reflected in the client section of the management console. The attacker's JavaScript is loaded in a browser, which can lead to theft of the session and cookie of the administrator's account of the Broker.
CVSS Score
5.4
EPSS Score
0.003
Published
2020-08-26