CVE-2020-13821

EPSS 0.34% · P57 Updated Feb 24, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2020-13821

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

An issue was discovered in HiveMQ Broker Control Center 4.3.2. A crafted clientid parameter in an MQTT packet (sent to the Broker) is reflected in the client section of the management console. The attacker's JavaScript is loaded in a browser, which can lead to theft of the session and cookie of the administrator's account of the Broker.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

HiveMQ Broker Control Center 跨站脚本漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

HiveMQ Broker Control Center是HiveMQ公司的一个控制中心。它提供了一个仪表板，用于监控HiveMQ集群节点的健康状况、客户端概览和每个客户端会话的详细客户端视图 HiveMQ Broker Control Center 4.3.2版本存在跨站脚本漏洞，该漏洞源于MQTT数据包中的精心设计的clientid参数（发送给Broker）反映在管理控制台的client部分中。攻击者的JavaScript被加载到浏览器中，这可能导致会话的窃取和Broker管理员帐户的cookie。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2020-13821

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2020-13821

请登录查看更多情报信息。

https://www.hivemq.com/blog/hivemq-4-3-3-released/x_refsource_CONFIRM
https://payatu.com/advisory/hivemq-mqtt-broker---xss-over-mqttx_refsource_MISC
https://nvd.nist.gov/vuln/detail/CVE-2020-13821

Same Patch Batch · n/a · 2020-08-26 · 62 CVEs total

CVE-2020-5919		BIG-IP APM 安全漏洞
CVE-2020-24313		Etoile Web Design Ultimate Appointment Booking & Scheduling WordPress Plugin 跨站脚本漏洞
CVE-2020-15499		ASUS RT-AC1900P routers 跨站脚本漏洞
CVE-2020-15498		ASUS RT-AC1900P router 信任管理问题漏洞
CVE-2020-24312		WordPress plugin mndpsingh287 WP File Manager 信息泄露漏洞
CVE-2020-5917		BIG-IP 加密问题漏洞
CVE-2020-5918		F5 BIG-IP 资源管理错误漏洞
CVE-2020-5914		BIG-IP ASM 输入验证错误漏洞
CVE-2020-16250		HashiCorp Vault 和 Vault Enterprise 授权问题漏洞
CVE-2020-16251		HashiCorp Vault 和 Vault Enterprise 授权问题漏洞
CVE-2020-5913		F5 BIG-IP 信任管理问题漏洞
CVE-2020-5916		BIG-IP 信息泄露漏洞
CVE-2020-5915		BIG-IP 跨站脚本漏洞
CVE-2020-5912		BIG-IP 输入验证错误漏洞
CVE-2020-13410		MoscaJS Aedes 安全漏洞
CVE-2020-5924		BIG-IP APM 安全漏洞
CVE-2020-15484		Nescomed M1000安全漏洞
CVE-2020-5923		BIG-IP 安全漏洞
CVE-2020-5922		BIG-IP 跨站请求伪造漏洞
CVE-2020-5920		BIG-IP SQL注入漏洞

Showing top 20 of 62 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2020-13821

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2020-13821

I. Basic Information for CVE-2020-13821

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2020-13821

III. Intelligence Information for CVE-2020-13821

Same Patch Batch · n/a · 2020-08-26 · 62 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2020-13821

Leave a comment