Vulnerabilities > Auth0 > Auth0 JS > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-04-09 CVE-2020-5263 Insufficiently Protected Credentials vulnerability in Auth0 Auth0.Js
auth0.js (NPM package auth0-js) greater than version 8.0.0 and before version 9.12.3 has a vulnerability.
network
low complexity
auth0 CWE-522
4.0
2018-04-04 CVE-2018-6874 Cross-Site Request Forgery (CSRF) vulnerability in Auth0 Auth0.Js
CSRF exists in the Auth0 authentication service through 14591 if the Legacy Lock API flag is enabled.
network
auth0 CWE-352
6.8
2018-03-06 CVE-2018-7307 Cross-Site Request Forgery (CSRF) vulnerability in Auth0 Auth0.Js
The Auth0 Auth0.js library before 9.3 has CSRF because it mishandles the case where the authorization response lacks the state parameter.
network
auth0 CWE-352
6.8
2017-12-06 CVE-2017-17068 Information Exposure vulnerability in Auth0 Auth0.Js
A cross-origin vulnerability has been discovered in the Auth0 auth0.js library affecting versions < 8.12.
network
low complexity
auth0 CWE-200
5.0