Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:GHSA-954C-JJX6-CXV7
HistoryJun 28, 2021 - 4:46 p.m.

Reflected XSS from the callback handler's error query parameter

2021-06-2816:46:41
Google
osv.dev
13
reflected xss
callback handler
error query parameter
html escaping
version 1.4.1

EPSS

0.002

Percentile

55.7%

JSON

Overview

Versions before and including 1.4.1 are vulnerable to reflected XSS. An attacker can execute arbitrary code by providing an XSS payload in the error query parameter which is then processed by the callback handler as an error message.

Am I affected?

You are affected by this vulnerability if you are using @auth0/nextjs-auth0 version 1.4.1 or lower unless you are using custom error handling that does not return the error message in an HTML response.

How to fix that?

Upgrade to version 1.4.2.

Will this update impact my users?

The fix adds basic HTML escaping to the error message and it should not impact your users.

Credit

https://github.com/inian
https://github.com/git-ishanpatel

Related

osv 1
github 1
prion 1
cvelist 1
gitlab 1
nodejs 1
cve 1
nvd 1
osv
osv
CVE-2021-32702
2021-06-25 17:15:08
github
github
Reflected XSS from the callback handler's error query parameter
2021-06-28 16:46:41
prion
prion
Cross site scripting
2021-06-25 17:15:00
cvelist
cvelist
CVE-2021-32702 Reflected XSS from the callback handler's error query parameter
2021-06-25 16:25:11
gitlab
gitlab
Cross-site Scripting
2021-06-25 00:00:00
nodejs
nodejs
Reflected XSS from the callback handler's error query parameter
2021-06-28 16:49:46
cve
cve
CVE-2021-32702
2021-06-25 17:15:08
nvd
nvd
CVE-2021-32702
2021-06-25 17:15:08

EPSS

0.002

Percentile

55.7%

JSON
Related for OSV:GHSA-954C-JJX6-CXV7
osv1github1prion1cvelist1gitlab1nodejs1cve1nvd1