CVE-2020-8160 - Vulnerability Details - OpenCVE

MendixSSO <= 2.1.1 contains endpoints that make use of the openid handler, which is suffering from a Cross-Site Scripting vulnerability via the URL path. This is caused by the reflection of user-supplied data without appropriate HTML escaping or output encoding. As a result, a JavaScript payload may be injected into the above endpoint causing it to be executed within the context of the victim's browser.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00263.

Key SSVC decision points have not yet been added.

Vendors	Products
Mendix	Mendixsso

Configuration 1 [-]

cpe:2.3:a:mendix:mendixsso:*:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2020-29051	MendixSSO <= 2.1.1 contains endpoints that make use of the openid handler, which is suffering from a Cross-Site Scripting vulnerability via the URL path. This is caused by the reflection of user-supplied data without appropriate HTML escaping or output encoding. As a result, a JavaScript payload may be injected into the above endpoint causing it to be executed within the context of the victim's browser.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://hackerone.com/reports/838178
https://marketplace.mendix.com/link/component/111349

History

No history.

MITRE

Status: PUBLISHED

Assigner: hackerone

Published: 2021-01-06T14:03:44

Updated: 2024-08-04T09:48:25.590Z

Reserved: 2020-01-28T00:00:00

Link: CVE-2020-8160

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-01-06T15:15:16.493

Modified: 2024-11-21T05:38:24.553

Link: CVE-2020-8160

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "MendixSSO", "vendor": "n/a", "versions": [{"status": "affected", "version": "2.1.1 and lower"}]}], "descriptions": [{"lang": "en", "value": "MendixSSO <= 2.1.1 contains endpoints that make use of the openid handler, which is suffering from a Cross-Site Scripting vulnerability via the URL path. This is caused by the reflection of user-supplied data without appropriate HTML escaping or output encoding. As a result, a JavaScript payload may be injected into the above endpoint causing it to be executed within the context of the victim's browser."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "Cross-site Scripting (XSS) - Reflected (CWE-79)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-01-06T14:03:44", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://hackerone.com/reports/838178"}, {"tags": ["x_refsource_MISC"], "url": "https://marketplace.mendix.com/link/component/111349"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "support@hackerone.com", "ID": "CVE-2020-8160", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "MendixSSO", "version": {"version_data": [{"version_value": "2.1.1 and lower"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "MendixSSO <= 2.1.1 contains endpoints that make use of the openid handler, which is suffering from a Cross-Site Scripting vulnerability via the URL path. This is caused by the reflection of user-supplied data without appropriate HTML escaping or output encoding. As a result, a JavaScript payload may be injected into the above endpoint causing it to be executed within the context of the victim's browser."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Cross-site Scripting (XSS) - Reflected (CWE-79)"}]}]}, "references": {"reference_data": [{"name": "https://hackerone.com/reports/838178", "refsource": "MISC", "url": "https://hackerone.com/reports/838178"}, {"name": "https://marketplace.mendix.com/link/component/111349", "refsource": "MISC", "url": "https://marketplace.mendix.com/link/component/111349"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T09:48:25.590Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://hackerone.com/reports/838178"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://marketplace.mendix.com/link/component/111349"}]}]}, "cveMetadata": {"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2020-8160", "datePublished": "2021-01-06T14:03:44", "dateReserved": "2020-01-28T00:00:00", "dateUpdated": "2024-08-04T09:48:25.590Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mendix:mendixsso:*:*:*:*:*:*:*:*", "matchCriteriaId": "7C227F27-A52F-4ABF-8CAE-018053FD8004", "versionEndIncluding": "2.1.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "MendixSSO <= 2.1.1 contains endpoints that make use of the openid handler, which is suffering from a Cross-Site Scripting vulnerability via the URL path. This is caused by the reflection of user-supplied data without appropriate HTML escaping or output encoding. As a result, a JavaScript payload may be injected into the above endpoint causing it to be executed within the context of the victim's browser."}, {"lang": "es", "value": "MendixSSO versiones anteriores a 2.1.1 incluy\u00e9ndola, contiene endpoints que hacen uso del manejador openid, el cual sufre una vulnerabilidad de tipo Cross-Site Scripting por medio de la ruta URL. Esto es causado por el reflejo de los datos suministrados por el usuario sin la codificaci\u00f3n de salida o escape HTML apropiado. Como resultado, una carga \u00fatil de JavaScript puede ser inyectada en el endpoint anterior, causando que sea ejecutada dentro del contexto del navegador de la v\u00edctima"}], "id": "CVE-2020-8160", "lastModified": "2024-11-21T05:38:24.553", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-01-06T15:15:16.493", "references": [{"source": "support@hackerone.com", "tags": ["Third Party Advisory"], "url": "https://hackerone.com/reports/838178"}, {"source": "support@hackerone.com", "tags": ["Product", "Vendor Advisory"], "url": "https://marketplace.mendix.com/link/component/111349"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://hackerone.com/reports/838178"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product", "Vendor Advisory"], "url": "https://marketplace.mendix.com/link/component/111349"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "support@hackerone.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}