Medium severity6.1NVD Advisory· Published Jan 6, 2021· Updated Jun 17, 2026
CVE-2020-8160
CVE-2020-8160
Description
MendixSSO <= 2.1.1 contains endpoints that make use of the openid handler, which is suffering from a Cross-Site Scripting vulnerability via the URL path. This is caused by the reflection of user-supplied data without appropriate HTML escaping or output encoding. As a result, a JavaScript payload may be injected into the above endpoint causing it to be executed within the context of the victim's browser.
Affected products
2- MendixSSO/MendixSSOdescription
Patches
Vulnerability mechanics
References
2- hackerone.com/reports/838178nvdThird Party Advisory
- marketplace.mendix.com/link/component/111349nvdProductVendor Advisory
News mentions
0No linked articles in our index yet.