Back to search
CVE-2020-8160
Published: Jan 6, 2021
Modified: Aug 4, 2024
PUBLISHED
Description
MendixSSO <= 2.1.1 contains endpoints that make use of the openid handler, which is suffering from a Cross-Site Scripting vulnerability via the URL path. This is caused by the reflection of user-supplied data without appropriate HTML escaping or output encoding. As a result, a JavaScript payload may be injected into the above endpoint causing it to be executed within the context of the victim's browser.
| Vendor | Product | Versions |
|---|---|---|
n/a | MendixSSO | affected 2.1.1 and lower |
Weaknesses (CWE)
References
https://hackerone.com/reports/838178
x_refsource_MISC
https://marketplace.mendix.com/link/component/111349
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now