6 matches found
CVE-2020-6804
A reflected XSS vulnerability exists within the gateway, allowing an attacker to craft a specialized URL which could steal the user's authentication token. When combined with CVE-2020-6803, an attacker could fully compromise the system...
CVE-2020-6803
An open redirect is present on the gateway's login page, which could cause a user to be redirected to a malicious site after logging in...
Cross site scripting
A reflected XSS vulnerability exists within the gateway, allowing an attacker to craft a specialized URL which could steal the user's authentication token. When combined with CVE-2020-6803, an attacker could fully compromise the system...
CVE-2020-6804
CVE-2020-6804 is a reflected XSS in Mozilla WebThings Gateway. The vulnerability allows crafted URLs to steal a user’s authentication token via the gateway interface. When paired with CVE-2020-6803 (open redirect on the gateway login page), an attacker could fully compromise the system. The provi...
CVE-2020-6803
CVE-2020-6803 applies to the Mozilla WebThings Gateway. The vulnerability is an open redirect on the gateway’s login page, which could cause a user to be redirected to a malicious site after logging in. The connected documents also note coordination with CVE-2020-6804 (XSS ) and that, when combin...
CVE-2020-6803 Open redirect in Mozilla WebThings Gateway
An open redirect is present on the gateway's login page, which could cause a user to be redirected to a malicious site after logging in...