Vulnerabilities > Auth0 > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-12-22 CVE-2022-23541 Unspecified vulnerability in Auth0 Jsonwebtoken
jsonwebtoken is an implementation of JSON Web Tokens.
network
low complexity
auth0
6.3
2022-05-05 CVE-2022-29172 Cross-site Scripting vulnerability in Auth0 Lock
Auth0 is an authentication broker that supports both social and enterprise identity providers, including Active Directory, LDAP, Google Apps, and Salesforce.
network
low complexity
auth0 CWE-79
6.1
2022-03-31 CVE-2022-24794 Open Redirect vulnerability in Auth0 Express Openid Connect
Express OpenID Connect is an Express JS middleware implementing sign on for Express web apps using OpenID Connect.
network
low complexity
auth0 CWE-601
6.1
2021-12-16 CVE-2021-43812 Open Redirect vulnerability in Auth0 Nextjs-Auth0
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications.
network
low complexity
auth0 CWE-601
6.1
2021-06-25 CVE-2021-32702 Cross-site Scripting vulnerability in Auth0 Nextjs-Auth0
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications.
network
low complexity
auth0 CWE-79
6.1
2021-06-04 CVE-2021-32641 Cross-site Scripting vulnerability in Auth0 Lock
auth0-lock is Auth0's signin solution.
network
low complexity
auth0 CWE-79
6.1
2020-08-20 CVE-2020-15119 Cross-site Scripting vulnerability in Auth0 Lock
In auth0-lock versions before and including 11.25.1, dangerouslySetInnerHTML is used to update the DOM.
network
low complexity
auth0 CWE-79
5.4
2020-04-09 CVE-2020-5263 Insufficiently Protected Credentials vulnerability in Auth0 Auth0.Js
auth0.js (NPM package auth0-js) greater than version 8.0.0 and before version 9.12.3 has a vulnerability.
network
low complexity
auth0 CWE-522
4.9
2020-04-01 CVE-2020-6753 Cross-site Scripting vulnerability in Auth0 Login BY Auth0
The Login by Auth0 plugin before 4.0.0 for WordPress allows stored XSS on multiple pages, a different issue than CVE-2020-5392.
network
low complexity
auth0 CWE-79
6.1
2020-04-01 CVE-2020-5392 Cross-site Scripting vulnerability in Auth0 Wp-Auth0
A stored cross-site scripting (XSS) vulnerability exists in the Auth0 plugin before 4.0.0 for WordPress via the settings page.
network
low complexity
auth0 CWE-79
6.1