CVE-2020-8160

Name of the Vulnerable Software and Affected Versions: MendixSSO versions 2.1.1 and earlier

Description: The issue is caused by the reflection of user-supplied data without appropriate HTML escaping or output encoding in the openid handler, leading to a Cross-Site Scripting vulnerability via the URL path. This allows a JavaScript payload to be injected into the endpoint, causing it to be executed within the context of the victim's browser.

Recommendations: For MendixSSO versions 2.1.1 and earlier, update to a version later than 2.1.1 to resolve the issue. As a temporary workaround, consider restricting access to the openid handler endpoints to minimize the risk of exploitation.