Low severity · NVD Advisory · Published Aug 19, 2020 · Updated Aug 4, 2024
DOM-based XSS in auth0-lock
CVE-2020-15119
Description
In auth0-lock versions before and including 11.25.1, dangerouslySetInnerHTML is used to update the DOM. When dangerouslySetInnerHTML is used, the application and its users might be exposed to cross-site scripting (XSS) attacks.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| auth0-lock (npm) | < 11.26.3 | 11.26.3 |
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- github.com/advisories/GHSA-6gg3-pmm7-97xc (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2020-15119 (ghsa, ADVISORY)
- github.com/auth0/lock/commit/3711fb5b42afd40073a61a58759251f51e768b1b (ghsa, WEB)
- github.com/auth0/lock/security/advisories/GHSA-6gg3-pmm7-97xc (ghsa, x_refsource_CONFIRM, WEB)