CVE-2020-8160

Summary

MendixSSO <= 2.1.1 contains endpoints that make use of the openid handler, which is suffering from a Cross-Site Scripting vulnerability via the URL path. This is caused by the reflection of user-supplied data without appropriate HTML escaping or output encoding. As a result, a JavaScript payload may be injected into the above endpoint causing it to be executed within the context of the victim's browser.

Affected Software

VendorProductVersion RangeStatus
n/aMendixSSO2.1.1 and loweraffected

Weaknesses

  • CWE-79: Cross-site Scripting (XSS) - Reflected (CWE-79)

ADP Enrichment

CVE Program Container

Additional References

References