Vulnerabilities > Auth0 > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-09 | CVE-2020-5263 | Insufficiently Protected Credentials vulnerability in Auth0 Auth0.Js auth0.js (NPM package auth0-js) greater than version 8.0.0 and before version 9.12.3 has a vulnerability. | 4.0 |
| 2020-04-01 | CVE-2020-7948 | Unspecified vulnerability in Auth0 Login BY Auth0 An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. | 6.5 |
| 2020-04-01 | CVE-2020-6753 | Cross-site Scripting vulnerability in Auth0 Login BY Auth0 The Login by Auth0 plugin before 4.0.0 for WordPress allows stored XSS on multiple pages, a different issue than CVE-2020-5392. | 4.3 |
| 2020-04-01 | CVE-2020-5392 | Cross-site Scripting vulnerability in Auth0 Wp-Auth0 A stored cross-site scripting (XSS) vulnerability exists in the Auth0 plugin before 4.0.0 for WordPress via the settings page. | 4.3 |
| 2020-04-01 | CVE-2020-5391 | Cross-Site Request Forgery (CSRF) vulnerability in Auth0 Wp-Auth0 Cross-site request forgery (CSRF) vulnerabilities exist in the Auth0 plugin before 4.0.0 for WordPress via the domain field. | 6.8 |
| 2020-02-05 | CVE-2019-20173 | Cross-site Scripting vulnerability in Auth0 Login BY Auth0 3.11.0/3.11.1/3.11.2 The Auth0 wp-auth0 plugin 3.11.x before 3.11.3 for WordPress allows XSS via a wle parameter associated with wp-login.php. | 4.3 |
| 2020-02-03 | CVE-2019-20174 | Cross-site Scripting vulnerability in Auth0 Lock Auth0 Lock before 11.21.0 allows XSS when additionalSignUpFields is used with an untrusted placeholder. | 4.3 |
| 2019-10-08 | CVE-2019-16929 | Improper Authentication vulnerability in Auth0 Auth0.Net Auth0 auth0.net before 6.5.4 has Incorrect Access Control because IdentityTokenValidator can be accidentally used to validate untrusted ID tokens. | 5.0 |
| 2018-08-29 | CVE-2018-15121 | Cross-Site Request Forgery (CSRF) vulnerability in Auth0 Aspnet and Aspnet-Owin An issue was discovered in Auth0 auth0-aspnet and auth0-aspnet-owin. | 6.8 |
| 2018-06-19 | CVE-2018-11537 | Improper Input Validation vulnerability in Auth0 Angular-Jwt Auth0 angular-jwt before 0.1.10 treats whiteListedDomains entries as regular expressions, which allows remote attackers with knowledge of the jwtInterceptorProvider.whiteListedDomains setting to bypass the domain whitelist filter via a crafted domain. | 4.3 |