An issue exists in HiveMQ Broker Control Center 4.3.2. A crafted clientid parameter in an MQTT packet (sent to the Broker) is reflected in the client section of the management console. The attacker's JavaScript is loaded in a browser, which can lead to theft of the session and cookie of the administrator's account of the Broker.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
hivemq broker control center 4.3.2 |