Multiple Auth0 Library Cross-Site Request Forgery Vulnerabilities
Auth0.js is a client-side library for Auth0, and Lock is an embeddable login form for desktops, tablets, and mobile devices. A cross-site request forgery vulnerability exists in Auth0 Lock 10 and auth0.js 8, which can be exploited by a remote attacker constructing a malicious website to perform...