Vulnerabilities > Auth0 > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-12-22 | CVE-2022-23541 | Unspecified vulnerability in Auth0 Jsonwebtoken. jsonwebtoken is an implementation of JSON Web Tokens. | 6.3 |
2022-05-05 | CVE-2022-29172 | Cross-site Scripting vulnerability in Auth0 Lock. Auth0 is an authentication broker that supports both social and enterprise identity providers, including Active Directory, LDAP, Google Apps, and Salesforce. | 6.1 |
2022-03-31 | CVE-2022-24794 | Open Redirect vulnerability in Auth0 Express Openid Connect. Express OpenID Connect is an Express JS middleware implementing sign on for Express web apps using OpenID Connect. | 6.1 |
2021-12-16 | CVE-2021-43812 | Open Redirect vulnerability in Auth0 Nextjs-Auth0. The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. | 6.1 |
2021-06-25 | CVE-2021-32702 | Cross-site Scripting vulnerability in Auth0 Nextjs-Auth0. The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. | 6.1 |
2021-06-04 | CVE-2021-32641 | Cross-site Scripting vulnerability in Auth0 Lock. auth0-lock is Auth0's signin solution. | 6.1 |
2020-08-20 | CVE-2020-15119 | Cross-site Scripting vulnerability in Auth0 Lock. In auth0-lock versions before and including 11.25.1, dangerouslySetInnerHTML is used to update the DOM. | 5.4 |
2020-04-09 | CVE-2020-5263 | Insufficiently Protected Credentials vulnerability in Auth0 Auth0.Js. auth0.js (NPM package auth0-js) greater than version 8.0.0 and before version 9.12.3 has a vulnerability. | 4.9 |
2020-04-01 | CVE-2020-6753 | Cross-site Scripting vulnerability in Auth0 Login by Auth0. The Login by Auth0 plugin before 4.0.0 for WordPress allows stored XSS on multiple pages, a different issue than CVE-2020-5392. | 6.1 |
2020-04-01 | CVE-2020-5392 | Cross-site Scripting vulnerability in Auth0 Wp-Auth0. A stored cross-site scripting (XSS) vulnerability exists in the Auth0 plugin before 4.0.0 for WordPress via the settings page. | 6.1 |