A reflected XSS vulnerability exists within the gateway, allowing an attacker to craft a specialized URL which could steal the user's authentication token. When combined with CVE-2020-6803, an attacker could fully compromise the system.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://github.com/mozilla-iot/gateway/pull/2446 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mozilla
Published: 2020-02-28T22:38:38
Updated: 2024-08-04T09:11:05.124Z
Reserved: 2020-01-10T00:00:00
Link: CVE-2020-6804
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2020-02-28T23:15:11.543
Modified: 2020-03-03T16:50:36.290
Link: CVE-2020-6804
Redhat
No data.