Vulnerabilities > Auth0 > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-05 | CVE-2019-20173 | Cross-site Scripting vulnerability in Auth0 Login BY Auth0 3.11.0/3.11.1/3.11.2 The Auth0 wp-auth0 plugin 3.11.x before 3.11.3 for WordPress allows XSS via a wle parameter associated with wp-login.php. | 6.1 |
| 2020-02-03 | CVE-2019-20174 | Cross-site Scripting vulnerability in Auth0 Lock Auth0 Lock before 11.21.0 allows XSS when additionalSignUpFields is used with an untrusted placeholder. | 6.1 |
| 2018-06-19 | CVE-2018-11537 | Improper Input Validation vulnerability in Auth0 Angular-Jwt Auth0 angular-jwt before 0.1.10 treats whiteListedDomains entries as regular expressions, which allows remote attackers with knowledge of the jwtInterceptorProvider.whiteListedDomains setting to bypass the domain whitelist filter via a crafted domain. | 6.5 |