Stored XSS on the HiveMQ Broker management console
An issue was discovered on HiveMQ MQTT Broker, The client id of any connected device is not sanitized for XSS in the admin console leading to stored XSS.
MQTT Broker 4.3.2
18 May 2020 reported to the vendor
25 August 2020 Bug fixed and responsible disclosure after 90 days. .