CVE-2020-8160
N/A
N/A
Summary
MendixSSO <= 2.1.1 contains endpoints that make use of the openid handler, which is suffering from a Cross-Site Scripting vulnerability via the URL path. This is caused by the reflection of user-supplied data without appropriate HTML escaping or output encoding. As a result, a JavaScript payload may be injected into the above endpoint causing it to be executed within the context of the victim's browser.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | MendixSSO | 2.1.1 and lower | affected |
Weaknesses
- CWE-79: Cross-site Scripting (XSS) - Reflected (CWE-79)
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.