Vulnerabilities > Auth0 > Lock

DATE CVE VULNERABILITY TITLE RISK
2022-05-05 CVE-2022-29172 Cross-site Scripting vulnerability in Auth0 Lock
Auth0 is an authentication broker that supports both social and enterprise identity providers, including Active Directory, LDAP, Google Apps, and Salesforce.
network
low complexity
auth0 CWE-79
6.1
6.1
2021-06-04 CVE-2021-32641 Cross-site Scripting vulnerability in Auth0 Lock
auth0-lock is Auth0's signin solution.
network
low complexity
auth0 CWE-79
6.1
6.1
2020-08-20 CVE-2020-15119 Cross-site Scripting vulnerability in Auth0 Lock
In auth0-lock versions before and including 11.25.1, dangerouslySetInnerHTML is used to update the DOM.
network
low complexity
auth0 CWE-79
5.4
5.4
2020-02-03 CVE-2019-20174 Cross-site Scripting vulnerability in Auth0 Lock
Auth0 Lock before 11.21.0 allows XSS when additionalSignUpFields is used with an untrusted placeholder.
network
low complexity
auth0 CWE-79
6.1
6.1