2 matches found
CVE-2020-6804
A reflected XSS vulnerability exists within the gateway, allowing an attacker to craft a specialized URL which could steal the user's authentication token. When combined with CVE-2020-6803, an attacker could fully compromise the system...
CVE-2020-6804
CVE-2020-6804 is a reflected XSS in Mozilla WebThings Gateway. The vulnerability allows crafted URLs to steal a user’s authentication token via the gateway interface. When paired with CVE-2020-6803 (open redirect on the gateway login page), an attacker could fully compromise the system. The provi...