Filtered by vendor Mendix
Subscriptions
Filtered by product Mendixsso
Subscriptions
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-8160 | 1 Mendix | 1 Mendixsso | 2024-11-21 | 6.1 Medium |
| MendixSSO <= 2.1.1 contains endpoints that make use of the openid handler, which is suffering from a Cross-Site Scripting vulnerability via the URL path. This is caused by the reflection of user-supplied data without appropriate HTML escaping or output encoding. As a result, a JavaScript payload may be injected into the above endpoint causing it to be executed within the context of the victim's browser. | ||||
Page 1 of 1.