26 matches found
CVE-2018-7307
The Auth0 Auth0.js library before 9.3 has CSRF because it mishandles the case where the authorization response lacks the state parameter...
CVE-2018-7307
Auth0.js (Auth0.js library) is affected up to and including version 9.3, where CSRF can occur if the authorization response lacks the state parameter. Root cause: improper handling of missing state in the response. Impact: CSRF vulnerability with high CVSS3 score (8.8) and notable risks of unauth...
GHSA-3RPR-MG43-XHQ4 auth0-js Privilege Escalation Vulnerability
A cross-origin vulnerability has been discovered in the Auth0 auth0.js library affecting versions 8.12. This vulnerability allows an attacker to acquire authenticated users' tokens and invoke services on a user's behalf if the target site or application uses a popup callback page with...
Cross-Origin Resource Sharing (CORS) Vulnerability
auth0-js has cross-origin resource sharing CORS vulnerability . It does not perform origin verification and uses a popup callback page with auth0.popup.callback, allowing the attackers to get access the tokens of logged-in users by using unrestricted cross-origin post message requests. The...
Auth0 auth0.js cross-origin vulnerability
Auth0.js is the client library for Auth0. A cross-origin vulnerability exists in Auth0 auth0.js prior to 8.12. An attacker could use this vulnerability to obtain an authenticated user's token and invoke a service on behalf of the user if the target site or application uses a popup callback page v...
CVE-2017-17068
The CVE-2017-17068 entry concerns Auth0’s auth0.js library prior to 8.12. A cross-origin vulnerability allows an attacker to obtain authenticated users’ tokens and invoke services on behalf of a user when a site uses a popup callback page via auth0.popup.callback(). Affected software: auth0.js