XSS in Mozilla WebThings Gateway
CVE-2020-6804
8.8HIGH
What is CVE-2020-6804?
A reflected XSS vulnerability exists within the gateway, allowing an attacker to craft a specialized URL which could steal the user's authentication token. When combined with CVE-2020-6803, an attacker could fully compromise the system.
Affected Version(s)
WebThings Gateway 0.3.0 < 0.3.0*
WebThings Gateway 0.12.0