Technical
Advisory

Through sharp, technical and insightful analysis, the Payatu Team is constantly on the lookout for vulnerabilities and threats. This section exhibits a few of our findings.

...
...

CVE-2020-13821

Vulnerability

Stored XSS on the HiveMQ Broker management console

Vulnerability Description

An issue was discovered on HiveMQ MQTT Broker, The client id of any connected device is not sanitized for XSS in the admin console leading to stored XSS.

CVE-ID

CVE-2020-13821

Vendor

HiveMQ

Product

MQTT Broker 4.3.2

Disclosure Timeline

18 May 2020 reported to the vendor

25 August 2020 Bug fixed and responsible disclosure after 90 days. .

Credit

Arun Magesh