Every CVE whose affected-product data names Auth0 Lock, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2021-32641 — CVSS 8.1 (high): auth0-lock is Auth0's signin solution. Versions of nauth0-lock before and including `11.30.0` are vulnerable to reflected XSS. An attacker…
CVE-2020-15119 — CVSS 6.4 (medium): In auth0-lock versions before and including 11.25.1, dangerouslySetInnerHTML is used to update the DOM. When dangerouslySetInnerHTML is…
CVE-2019-20174 — CVSS 6.1 (medium): Auth0 Lock before 11.21.0 allows XSS when additionalSignUpFields is used with an untrusted placeholder.
CVE-2022-29172 — CVSS 6.1 (medium): Auth0 is an authentication broker that supports both social and enterprise identity providers, including Active Directory, LDAP, Google…