Vulnerabilities > Auth0 > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-02-05 CVE-2019-20173 Cross-site Scripting vulnerability in Auth0 Login BY Auth0 3.11.0/3.11.1/3.11.2
The Auth0 wp-auth0 plugin 3.11.x before 3.11.3 for WordPress allows XSS via a wle parameter associated with wp-login.php.
network
low complexity
auth0 CWE-79
6.1
2020-02-03 CVE-2019-20174 Cross-site Scripting vulnerability in Auth0 Lock
Auth0 Lock before 11.21.0 allows XSS when additionalSignUpFields is used with an untrusted placeholder.
network
low complexity
auth0 CWE-79
6.1
2018-06-19 CVE-2018-11537 Improper Input Validation vulnerability in Auth0 Angular-Jwt
Auth0 angular-jwt before 0.1.10 treats whiteListedDomains entries as regular expressions, which allows remote attackers with knowledge of the jwtInterceptorProvider.whiteListedDomains setting to bypass the domain whitelist filter via a crafted domain.
network
low complexity
auth0 CWE-20
6.5