Vulnerabilities > Auth0 > Lock > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-05 | CVE-2022-29172 | Cross-site Scripting vulnerability in Auth0 Lock Auth0 is an authentication broker that supports both social and enterprise identity providers, including Active Directory, LDAP, Google Apps, and Salesforce. | 6.1 |
| 2021-06-04 | CVE-2021-32641 | Cross-site Scripting vulnerability in Auth0 Lock auth0-lock is Auth0's signin solution. | 6.1 |
| 2020-08-20 | CVE-2020-15119 | Cross-site Scripting vulnerability in Auth0 Lock In auth0-lock versions before and including 11.25.1, dangerouslySetInnerHTML is used to update the DOM. | 5.4 |
| 2020-02-03 | CVE-2019-20174 | Cross-site Scripting vulnerability in Auth0 Lock Auth0 Lock before 11.21.0 allows XSS when additionalSignUpFields is used with an untrusted placeholder. | 6.1 |