Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
auth0 vulnerabilities and exploits
(subscribe to this query)
605
VMScore
CVE-2018-7307
The Auth0 Auth0.js library prior to 9.3 has CSRF because it mishandles the case where the authorization response lacks the state parameter.
Auth0 Auth0.js
383
VMScore
CVE-2021-32702
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions before and including `1.4.1` are vulnerable to reflected XSS. An attacker can execute arbitrary code by providing an XSS payload in the `error` query parameter which is then ...
Auth0 Nextjs-auth0
383
VMScore
CVE-2019-20173
The Auth0 wp-auth0 plugin 3.11.x prior to 3.11.3 for WordPress allows XSS via a wle parameter associated with wp-login.php.
Auth0 Login By Auth0
383
VMScore
CVE-2020-6753
The Login by Auth0 plugin prior to 4.0.0 for WordPress allows stored XSS on multiple pages, a different issue than CVE-2020-5392.
Auth0 Login By Auth0
668
VMScore
CVE-2020-7947
An issue exists in the Login by Auth0 plugin prior to 4.0.0 for WordPress. It has numerous fields that can contain data that is pulled from different sources. One issue with this is that the data isn't sanitized, and no input validation is performed, before the exporting of ...
Auth0 Login By Auth0
578
VMScore
CVE-2020-7948
An issue exists in the Login by Auth0 plugin prior to 4.0.0 for WordPress. A user can perform an insecure direct object reference.
Auth0 Login By Auth0
605
VMScore
CVE-2018-15121
An issue exists in Auth0 auth0-aspnet and auth0-aspnet-owin. Affected packages do not use or validate the state parameter of the OAuth 2.0 and OpenID Connect protocols. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations.
Auth0 Aspnet-owin -
Auth0 Aspnet -
668
VMScore
CVE-2019-7644
Auth0 Auth0-WCF-Service-JWT prior to 1.0.4 leaks the expected JWT signature in an error message when it cannot successfully validate the JWT signature. If this error message is presented to an attacker, they can forge an arbitrary JWT token that will be accepted by the vulnerable...
Auth0 Auth0-wcf-service-jwt
NA
CVE-2022-23539
Versions `<=8.5.1` of `jsonwebtoken` library could be misconfigured so that legacy, insecure key types are used for signature verification. For example, DSA keys could be used with the RS256 algorithm. You are affected if you are using an algorithm and a key type other than a ...
Auth0 Jsonwebtoken
NA
CVE-2022-23540
In versions `<=8.5.1` of `jsonwebtoken` library, lack of algorithm definition in the `jwt.verify()` function can lead to signature validation bypass due to defaulting to the `none` algorithm for signature verification. Users are affected if you do not specify algorithms in the...
Auth0 Jsonwebtoken
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654
CVE-2024-2757
authentication bypass
CVE-2024-3194
CVE-2024-33640
CVE-2024-21111
dos
insecure direct object reference
CVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »