Lucene search
K

26 matches found

Cvelist
Cvelist
added 2018/03/06 3:0 p.m.28 views

CVE-2018-7307

The Auth0 Auth0.js library before 9.3 has CSRF because it mishandles the case where the authorization response lacks the state parameter...

8.8AI score0.00522EPSS
Exploits0References1
CVE
CVE
added 2018/03/06 3:0 p.m.51 views

CVE-2018-7307

Auth0.js (Auth0.js library) is affected up to and including version 9.3, where CSRF can occur if the authorization response lacks the state parameter. Root cause: improper handling of missing state in the response. Impact: CSRF vulnerability with high CVSS3 score (8.8) and notable risks of unauth...

8.8CVSS8.7AI score0.00522EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2017/12/21 12:47 a.m.14 views

GHSA-3RPR-MG43-XHQ4 auth0-js Privilege Escalation Vulnerability

A cross-origin vulnerability has been discovered in the Auth0 auth0.js library affecting versions 8.12. This vulnerability allows an attacker to acquire authenticated users' tokens and invoke services on a user's behalf if the target site or application uses a popup callback page with...

7.5CVSS7.3AI score0.0142EPSS
Exploits1References4
Veracode
Veracode
added 2017/12/07 4:5 a.m.29 views

Cross-Origin Resource Sharing (CORS) Vulnerability

auth0-js has cross-origin resource sharing CORS vulnerability . It does not perform origin verification and uses a popup callback page with auth0.popup.callback, allowing the attackers to get access the tokens of logged-in users by using unrestricted cross-origin post message requests. The...

7.5CVSS7.3AI score0.0142EPSS
Exploits1References3Affected Software2
CNVD
CNVD
added 2017/12/07 12:0 a.m.5 views

Auth0 auth0.js cross-origin vulnerability

Auth0.js is the client library for Auth0. A cross-origin vulnerability exists in Auth0 auth0.js prior to 8.12. An attacker could use this vulnerability to obtain an authenticated user's token and invoke a service on behalf of the user if the target site or application uses a popup callback page v...

7.5CVSS6.6AI score0.0142EPSS
Exploits1References1
CVE
CVE
added 2017/12/06 7:0 p.m.50 views

CVE-2017-17068

The CVE-2017-17068 entry concerns Auth0’s auth0.js library prior to 8.12. A cross-origin vulnerability allows an attacker to obtain authenticated users’ tokens and invoke services on behalf of a user when a site uses a popup callback page via auth0.popup.callback(). Affected software: auth0.js

7.5CVSS7.2AI score0.0142EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder