CVE-2022-29172
- EPSS 0.21%
- Veröffentlicht 05.05.2022 23:15:09
- Zuletzt bearbeitet 21.11.2024 06:58:38
Auth0 is an authentication broker that supports both social and enterprise identity providers, including Active Directory, LDAP, Google Apps, and Salesforce. In versions before `11.33.0`, when the “additional signup fields” feature [is configured](ht...
CVE-2021-32641
- EPSS 0.79%
- Veröffentlicht 04.06.2021 21:15:07
- Zuletzt bearbeitet 21.11.2024 06:07:26
auth0-lock is Auth0's signin solution. Versions of nauth0-lock before and including `11.30.0` are vulnerable to reflected XSS. An attacker can execute arbitrary code when the library's `flashMessage` feature is utilized and user input or data from UR...
CVE-2020-15119
- EPSS 0.28%
- Veröffentlicht 20.08.2020 01:17:11
- Zuletzt bearbeitet 21.11.2024 05:04:51
In auth0-lock versions before and including 11.25.1, dangerouslySetInnerHTML is used to update the DOM. When dangerouslySetInnerHTML is used, the application and its users might be exposed to cross-site scripting (XSS) attacks.
CVE-2019-20174
- EPSS 0.46%
- Veröffentlicht 03.02.2020 18:15:12
- Zuletzt bearbeitet 21.11.2024 04:38:09
Auth0 Lock before 11.21.0 allows XSS when additionalSignUpFields is used with an untrusted placeholder.