5 matches found
@perimetre/nextjs-auth (>=0.1.0 <=0.2.1), @zagrajmy/app (>=0.0.1 <=0.1.0-alpha.0) potentially affected by CVE-2021-43812 via @auth0/nextjs-auth0 (>=0.11.0 <=0.16.1)
@auth0/nextjs-auth0 NPM version =0.11.0, =0.1.0, =0.0.1, =0.1.0-alpha.0 Source cves: CVE-2021-43812 Source advisory: OSV:GHSA-2MQV-4J3R-VJVP...
GHSA-2MQV-4J3R-VJVP Open redirect in @auth0/nextjs-auth0
Overview Versions =1.6.2 Will this update impact my users? The fix provided in the patch will not affect your users...
Reflected XSS from the callback handler's error query parameter
Overview Overview @auth0/nextjs-auth0 versions before and including 1.4.1 are vulnerable to reflected XSS. An attacker can execute arbitrary code by providing an XSS payload in the error query parameter which is then processed by the callback handler as an error message. Am I affected? You are...
Cross site scripting
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions before and including 1.4.1 are vulnerable to reflected XSS. An attacker can execute arbitrary code by providing an XSS payload in the error query parameter which is then processed by the...
CVE-2021-32702 Reflected XSS from the callback handler's error query parameter
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions before and including 1.4.1 are vulnerable to reflected XSS. An attacker can execute arbitrary code by providing an XSS payload in the error query parameter which is then processed by the...