Lucene search
GitHub_MCVELIST:CVE-2020-15119HistoryAug 19, 2020 - 9:20 p.m.
CVE-2020-15119 DOM-based XSS in auth0-lock
2020-08-1921:20:11
CWE-79
GitHub_M
www.cve.org
4
cve-2020-15119
dom-based xss
auth0-lock
dangerouslysetinnerhtml
cross-site scripting
xss attacks
CVSS3
6.4
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
EPSS
0.001
Percentile
22.7%
In auth0-lock versions before and including 11.25.1, dangerouslySetInnerHTML is used to update the DOM. When dangerouslySetInnerHTML is used, the application and its users might be exposed to cross-site scripting (XSS) attacks.
CNA Affected
[
{
"product": "lock",
"vendor": "auth0",
"versions": [
{
"status": "affected",
"version": "<= 11.25.1"
}
]
}
]Related
nvd
nvd
CVE-2020-15119
2020-08-20 01:17:11
prion
prion
Cross site scripting
2020-08-20 01:17:00
osv
osv
CVE-2020-15119
2020-08-20 01:17:11
DOM-based XSS in auth0-lock
2020-08-19 21:05:03
github
github
DOM-based XSS in auth0-lock
2020-08-19 21:05:03
githubexploit
githubexploit
Exploit for Cross-site Scripting in Auth0 Lock
2020-12-01 09:45:48
veracode
veracode
Cross-Site Scripting (XSS)
2020-08-20 02:19:31
cve
cve
CVE-2020-15119
2020-08-20 01:17:11
nodejs
nodejs
DOM-based XSS
2020-08-19 21:15:29
CVSS3
6.4
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
EPSS
0.001
Percentile
22.7%
Related for CVELIST:CVE-2020-15119