Lock

Source repositories

CVE	Vendor / Product	CVSS	EPSS	Published	Description
CVE-2022-29172	Auth0 Lock	—	0.01	May 5, 2022	Auth0 is an authentication broker that supports both social and enterprise identity providers, including Active Directory, LDAP, Google Apps, and Salesforce. In versions before `11.33.0`, when the “additional signup fields” feature [is configured](https://github.com/auth0/loc…
CVE-2021-32641	Auth0 Lock	—	0.02	Jun 4, 2021	auth0-lock is Auth0's signin solution. Versions of nauth0-lock before and including `11.30.0` are vulnerable to reflected XSS. An attacker can execute arbitrary code when the library's `flashMessage` feature is utilized and user input or data from URL parameters is incorporated…
CVE-2020-15119	Auth0 Lock	—	0.01	Aug 19, 2020	In auth0-lock versions before and including 11.25.1, dangerouslySetInnerHTML is used to update the DOM. When dangerouslySetInnerHTML is used, the application and its users might be exposed to cross-site scripting (XSS) attacks.

CVE-2022-29172May 5, 2022
Auth0
Lock
risk 0.00cvss —epss 0.01
Auth0 is an authentication broker that supports both social and enterprise identity providers, including Active Directory, LDAP, Google Apps, and Salesforce. In versions before `11.33.0`, when the “additional signup fields” feature [is configured](https://github.com/auth0/loc…
CVE-2021-32641Jun 4, 2021
Auth0
Lock
risk 0.00cvss —epss 0.02
auth0-lock is Auth0's signin solution. Versions of nauth0-lock before and including `11.30.0` are vulnerable to reflected XSS. An attacker can execute arbitrary code when the library's `flashMessage` feature is utilized and user input or data from URL parameters is incorporated…
CVE-2020-15119Aug 19, 2020
Auth0
Lock
risk 0.00cvss —epss 0.01
In auth0-lock versions before and including 11.25.1, dangerouslySetInnerHTML is used to update the DOM. When dangerouslySetInnerHTML is used, the application and its users might be exposed to cross-site scripting (XSS) attacks.