Vulnerability Details CVE-2020-8160
MendixSSO <= 2.1.1 contains endpoints that make use of the openid handler, which suffers from a Cross-Site Scripting vulnerability via the URL path. The cause is the reflection of user-supplied data without appropriate HTML escaping or output encoding. As a result, a JavaScript payload may be injected into the affected endpoint and executed within the context of the victim's browser.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 57.4%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
Products affected by CVE-2020-8160
- cpe:2.3:a:mendix:mendixsso:-
- cpe:2.3:a:mendix:mendixsso:2.0.0
- cpe:2.3:a:mendix:mendixsso:2.1.0
- cpe:2.3:a:mendix:mendixsso:2.1.1