auth0 lock vulnerabilities and exploits
6.1
CVSSv3
CVE-2021-32641
auth0-lock is Auth0's signin solution. Versions of auth0-lock before and including `11.30.0` are vulnerable to reflected XSS. An attacker can execute arbitrary code when the library's `flashMessage` feature is utilized and user input or data from URL parameters is inco...
Auth0 Lock
6.1
CVSSv3
CVE-2022-29172
Auth0 is an authentication broker that supports both social and enterprise identity providers, including Active Directory, LDAP, Google Apps, and Salesforce. In versions before `11.33.0`, when the “additional signup fields” feature [is configured](https://github.com/a...
Auth0 Lock
5.4
CVSSv3
CVE-2020-15119
In auth0-lock versions before and including 11.25.1, dangerouslySetInnerHTML is used to update the DOM. When dangerouslySetInnerHTML is used, the application and its users might be exposed to cross-site scripting (XSS) attacks.
Auth0 Lock
6.1
CVSSv3
CVE-2019-20174
Auth0 Lock prior to 11.21.0 allows XSS when additionalSignUpFields is used with an untrusted placeholder.
Auth0 Lock
8.8
CVSSv3
CVE-2018-6874
CSRF exists in the Auth0 authentication service through 14591 if the Legacy Lock API flag is enabled.
Auth0 Auth0.js