5 matches found
CVE-2022-29172
Auth0 is an authentication broker that supports both social and enterprise identity providers, including Active Directory, LDAP, Google Apps, and Salesforce. In versions before 11.33.0, when the “additional signup fields” feature is configured, a malicious actor can inject invalidated HTML code...
The vulnerability of the “additional signup fields” function in the Auth0 authentication tool allows a hacker to disclose protected information.
The vulnerability of the “additional signup fields” function in the Auth0 authentication tool is related to the lack of measures for cleaning incoming data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to disclose protected information...
Design/Logic Flaw
Auth0 is an authentication broker that supports both social and enterprise identity providers, including Active Directory, LDAP, Google Apps, and Salesforce. In versions before 11.33.0, when the “additional signup fields� feature is configured, a malicious actor can inject invalidated HTML co...
CVE-2022-29172 HTML injection with additional signup fields
Auth0 is an authentication broker that supports both social and enterprise identity providers, including Active Directory, LDAP, Google Apps, and Salesforce. In versions before 11.33.0, when the “additional signup fields” feature is configured, a malicious actor can inject invalidated HTML code...
CVE-2022-29172
Auth0 Lock (auth0-lock) vulnerability CVE-2022-29172 affects versions before 11.33.0 where the “additional signup fields” feature allows HTML injection into the fields, storing invalid HTML in the user metadata payload (name property). This can cause a crafted link to render HTML in the recipient...