CVE-2020-6804
CVE-2020-6804 is a reflected XSS in Mozilla WebThings Gateway. The vulnerability allows crafted URLs to steal a user’s authentication token via the gateway interface. When paired with CVE-2020-6803 (open redirect on the gateway login page), an attacker could fully compromise the system. The provi...