auth0 lock vulnerabilities and exploits
VMScore: 383
CVE-2021-32641
auth0-lock is Auth0's sign-in solution. Versions of auth0-lock before and including `11.30.0` are vulnerable to reflected XSS. An attacker can execute arbitrary code when the library's `flashMessage` feature is utilized and user input or data from URL parameters is inco...
Auth0 Lock
VMScore: 231
CVE-2022-29172
Auth0 is an authentication broker that supports both social and enterprise identity providers, including Active Directory, LDAP, Google Apps, and Salesforce. In versions before `11.33.0`, when the “additional signup fields” feature [is configured](https://github.com/a...
Auth0 Lock
VMScore: 312
CVE-2020-15119
In auth0-lock versions before and including 11.25.1, dangerouslySetInnerHTML is used to update the DOM. When dangerouslySetInnerHTML is used, the application and its users might be exposed to cross-site scripting (XSS) attacks.
Auth0 Lock
VMScore: 383
CVE-2019-20174
Auth0 Lock prior to 11.21.0 allows XSS when additionalSignUpFields is used with an untrusted placeholder.
Auth0 Lock
VMScore: 605
CVE-2018-6874
CSRF exists in the Auth0 authentication service through 14591 if the Legacy Lock API flag is enabled.
Auth0 Auth0.js