Vulnerabilities (CVE)

Filtered by vendor Mendix Subscribe
Filtered by product Mendixsso
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-8160 1 Mendix 1 Mendixsso 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
MendixSSO <= 2.1.1 contains endpoints that make use of the openid handler, which is suffering from a Cross-Site Scripting vulnerability via the URL path. This is caused by the reflection of user-supplied data without appropriate HTML escaping or output encoding. As a result, a JavaScript payload may be injected into the above endpoint causing it to be executed within the context of the victim's browser.