Vulnerabilities > Auth0 > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2020-04-09 | CVE-2020-5263 | Insufficiently Protected Credentials vulnerability in Auth0 Auth0.Js | auth0.js (NPM package auth0-js) greater than version 8.0.0 and before version 9.12.3 has a vulnerability. | network, low complexity, auth0, CWE-522, 4.0 |
| 2020-04-01 | CVE-2020-7948 | Unspecified vulnerability in Auth0 Login by Auth0 | An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. | network, low complexity, auth0, 6.5 |
| 2020-04-01 | CVE-2020-6753 | Cross-site Scripting vulnerability in Auth0 Login by Auth0 | The Login by Auth0 plugin before 4.0.0 for WordPress allows stored XSS on multiple pages, a different issue than CVE-2020-5392. | network, auth0, CWE-79, 4.3 |
| 2020-04-01 | CVE-2020-5392 | Cross-site Scripting vulnerability in Auth0 Wp-Auth0 | A stored cross-site scripting (XSS) vulnerability exists in the Auth0 plugin before 4.0.0 for WordPress via the settings page. | network, auth0, CWE-79, 4.3 |
| 2020-04-01 | CVE-2020-5391 | Cross-Site Request Forgery (CSRF) vulnerability in Auth0 Wp-Auth0 | Cross-site request forgery (CSRF) vulnerabilities exist in the Auth0 plugin before 4.0.0 for WordPress via the domain field. | network, auth0, CWE-352, 6.8 |
| 2020-02-05 | CVE-2019-20173 | Cross-site Scripting vulnerability in Auth0 Login by Auth0 3.11.0/3.11.1/3.11.2 | The Auth0 wp-auth0 plugin 3.11.x before 3.11.3 for WordPress allows XSS via a wle parameter associated with wp-login.php. | network, auth0, CWE-79, 4.3 |
| 2020-02-03 | CVE-2019-20174 | Cross-site Scripting vulnerability in Auth0 Lock | Auth0 Lock before 11.21.0 allows XSS when additionalSignUpFields is used with an untrusted placeholder. | network, auth0, CWE-79, 4.3 |
| 2019-10-08 | CVE-2019-16929 | Improper Authentication vulnerability in Auth0 Auth0.Net | Auth0 auth0.net before 6.5.4 has Incorrect Access Control because IdentityTokenValidator can be accidentally used to validate untrusted ID tokens. | network, low complexity, auth0, CWE-287, 5.0 |
| 2018-08-29 | CVE-2018-15121 | Cross-Site Request Forgery (CSRF) vulnerability in Auth0 Aspnet and Aspnet-Owin | An issue was discovered in Auth0 auth0-aspnet and auth0-aspnet-owin. | network, auth0, CWE-352, 6.8 |
| 2018-06-19 | CVE-2018-11537 | Improper Input Validation vulnerability in Auth0 Angular-Jwt | Auth0 angular-jwt before 0.1.10 treats whiteListedDomains entries as regular expressions, which allows remote attackers with knowledge of the jwtInterceptorProvider.whiteListedDomains setting to bypass the domain whitelist filter via a crafted domain. | network, auth0, CWE-20, 4.3 |