Vulnerabilities > Auth0

DATE CVE VULNERABILITY TITLE RISK
2021-06-25 CVE-2021-32702 Cross-site Scripting vulnerability in Auth0 Nextjs-Auth0
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications.
network
auth0 CWE-79
4.3
2021-06-04 CVE-2021-32641 Cross-site Scripting vulnerability in Auth0 Lock
auth0-lock is Auth0's signin solution.
network
auth0 CWE-79
4.3
2020-11-06 CVE-2020-15259 Cross-Site Request Forgery (CSRF) vulnerability in Auth0 Ad/Ldap Connector
ad-ldap-connector's admin panel before version 5.0.13 does not provide csrf protection, which when exploited may result in remote code execution or confidential data loss.
network
auth0 CWE-352
6.8
2020-10-21 CVE-2020-15240 Improper Authentication vulnerability in Auth0 Omniauth-Auth0 2.3.0/2.3.1/2.4.0
omniauth-auth0 (rubygems) versions >= 2.3.0 and < 2.4.1 improperly validate the JWT token signature when using the `jwt_validator.verify` method.
network
auth0 CWE-287
5.8
2020-08-20 CVE-2020-15119 Cross-site Scripting vulnerability in Auth0 Lock
In auth0-lock versions before and including 11.25.1, dangerouslySetInnerHTML is used to update the DOM.
network
auth0 CWE-79
3.5
2020-07-29 CVE-2020-15125 Information Exposure Through an Error Message vulnerability in Auth0
In auth0 (npm package) versions before 2.27.1, a DenyList of specific keys that should be sanitized from the request object contained in the error object is used.
network
low complexity
auth0 CWE-209
4.0
2020-06-30 CVE-2020-15084 Improper Authorization vulnerability in Auth0 Express-Jwt
In express-jwt (NPM package) up and including version 5.3.3, the algorithms entry to be specified in the configuration is not being enforced.
network
auth0 CWE-285
4.3
2020-04-09 CVE-2020-5263 Insufficiently Protected Credentials vulnerability in Auth0 Auth0.Js
auth0.js (NPM package auth0-js) greater than version 8.0.0 and before version 9.12.3 has a vulnerability.
network
low complexity
auth0 CWE-522
4.0
2020-04-01 CVE-2020-7948 Unspecified vulnerability in Auth0 Login BY Auth0
An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress.
network
low complexity
auth0
6.5
2020-04-01 CVE-2020-7947 Injection vulnerability in Auth0 Login BY Auth0
An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress.
network
low complexity
auth0 CWE-74
7.5