{"vulnerability": "CVE-2020-8160", "sightings": [{"uuid": "7e0edb79-6288-473f-be3d-d840933f975e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-8160", "type": "seen", "source": "https://t.me/cibsecurity/21671", "content": "\u203c CVE-2020-8160 \u203c\n\nMendixSSO <= 2.1.1 contains endpoints that make use of the openid handler, which is suffering from a Cross-Site Scripting vulnerability via the URL path. This is caused by the reflection of user-supplied data without appropriate HTML escaping or output encoding. As a result, a JavaScript payload may be injected into the above endpoint causing it to be executed within the context of the victim's browser.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-06T18:39:25.000000Z"}]}