Vulnerabilities > Auth0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-06 | CVE-2020-15259 | Cross-Site Request Forgery (CSRF) vulnerability in Auth0 Ad/Ldap Connector ad-ldap-connector's admin panel before version 5.0.13 does not provide csrf protection, which when exploited may result in remote code execution or confidential data loss. | 6.8 |
| 2020-10-21 | CVE-2020-15240 | Improper Verification of Cryptographic Signature vulnerability in Auth0 Omniauth-Auth0 2.3.0/2.3.1/2.4.0 omniauth-auth0 (rubygems) versions >= 2.3.0 and < 2.4.1 improperly validate the JWT token signature when using the `jwt_validator.verify` method. | 5.8 |
| 2020-08-20 | CVE-2020-15119 | Cross-site Scripting vulnerability in Auth0 Lock In auth0-lock versions before and including 11.25.1, dangerouslySetInnerHTML is used to update the DOM. | 3.5 |
| 2020-07-29 | CVE-2020-15125 | Information Exposure Through an Error Message vulnerability in Auth0 In auth0 (npm package) versions before 2.27.1, a DenyList of specific keys that should be sanitized from the request object contained in the error object is used. | 4.0 |
| 2020-06-30 | CVE-2020-15084 | Incorrect Authorization vulnerability in Auth0 Express-Jwt In express-jwt (NPM package) up and including version 5.3.3, the algorithms entry to be specified in the configuration is not being enforced. | 9.1 |
| 2020-04-09 | CVE-2020-5263 | Insufficiently Protected Credentials vulnerability in Auth0 Auth0.Js auth0.js (NPM package auth0-js) greater than version 8.0.0 and before version 9.12.3 has a vulnerability. | 4.0 |
| 2020-04-01 | CVE-2020-7948 | Unspecified vulnerability in Auth0 Login BY Auth0 An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. | 6.5 |
| 2020-04-01 | CVE-2020-7947 | Injection vulnerability in Auth0 Login BY Auth0 An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. | 7.5 |
| 2020-04-01 | CVE-2020-6753 | Cross-site Scripting vulnerability in Auth0 Login BY Auth0 The Login by Auth0 plugin before 4.0.0 for WordPress allows stored XSS on multiple pages, a different issue than CVE-2020-5392. | 4.3 |
| 2020-04-01 | CVE-2020-5392 | Cross-site Scripting vulnerability in Auth0 Wp-Auth0 A stored cross-site scripting (XSS) vulnerability exists in the Auth0 plugin before 4.0.0 for WordPress via the settings page. | 4.3 |