Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in HiveMQ Broker Control Center 4.3.2. A crafted clientid parameter in an MQTT packet (sent to the Broker) is reflected in the client section of the management console. The attacker's JavaScript is loaded in a browser, which can lead to theft of the session and cookie of the administrator's account of the Broker.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
HiveMQ Broker Control Center 跨站脚本漏洞
Vulnerability Description
HiveMQ Broker Control Center是HiveMQ公司的一个控制中心。它提供了一个仪表板,用于监控HiveMQ集群节点的健康状况、客户端概览和每个客户端会话的详细客户端视图 HiveMQ Broker Control Center 4.3.2版本存在跨站脚本漏洞,该漏洞源于MQTT数据包中的精心设计的clientid参数(发送给Broker)反映在管理控制台的client部分中。攻击者的JavaScript被加载到浏览器中,这可能导致会话的窃取和Broker管理员帐户的cookie。
CVSS Information
N/A
Vulnerability Type
N/A