2020-08-26 15:23:46
mitre
PUBLISHED
An issue was discovered in HiveMQ Broker Control Center 4.3.2. A crafted clientid parameter in an MQTT packet (sent to the Broker) is reflected in the client section of the management console. The attackers JavaScript is loaded in a browser, which can lead to theft of the session and cookie of the administrators account of the Broker.