CVE-2020-8160

CVE-2020-8160 : In MendixSSO ≤ 2.1.1, endpoints using the openid handler are vulnerable to a reflected Cross-Site Scripting (XSS) via the URL path. The flaw arises from reflecting user-supplied data without proper HTML escaping/output encoding, allowing injection of a JavaScript payload executed ...