RSS   Vulnerabilities for 'Mendixsso'   RSS

2021-01-06
 
CVE-2020-8160

CWE-79
 

 
MendixSSO <= 2.1.1 contains endpoints that make use of the openid handler, which is suffering from a Cross-Site Scripting vulnerability via the URL path. This is caused by the reflection of user-supplied data without appropriate HTML escaping or output encoding. As a result, a JavaScript payload may be injected into the above endpoint causing it to be executed within the context of the victim's browser.

 

 >>> Vendor: Mendix 6 Products
SAML
Mendix
Mendixsso
Forgot password
Database replication
Excel importer


Copyright 2024, cxsecurity.com

 

Back to Top