794 matches found
GHSA-3RPR-MG43-XHQ4 auth0-js Privilege Escalation Vulnerability
A cross-origin vulnerability has been discovered in the Auth0 auth0.js library affecting versions 8.12. This vulnerability allows an attacker to acquire authenticated users' tokens and invoke services on a user's behalf if the target site or application uses a popup callback page with...
auth0-js Privilege Escalation Vulnerability
A cross-origin vulnerability has been discovered in the Auth0 auth0.js library affecting versions 8.12. This vulnerability allows an attacker to acquire authenticated users' tokens and invoke services on a user's behalf if the target site or application uses a popup callback page with...
Cross-Origin Resource Sharing (CORS) Vulnerability
auth0-js has cross-origin resource sharing CORS vulnerability . It does not perform origin verification and uses a popup callback page with auth0.popup.callback, allowing the attackers to get access the tokens of logged-in users by using unrestricted cross-origin post message requests. The...
Auth0 auth0.js cross-origin vulnerability
Auth0.js is the client library for Auth0. A cross-origin vulnerability exists in Auth0 auth0.js prior to 8.12. An attacker could use this vulnerability to obtain an authenticated user's token and invoke a service on behalf of the user if the target site or application uses a popup callback page v...
Cross site scripting
A cross-origin vulnerability has been discovered in the Auth0 auth0.js library affecting versions 8.12. This vulnerability allows an attacker to acquire authenticated users' tokens and invoke services on a user's behalf if the target site or application uses a popup callback page with...
CVE-2017-17068
A cross-origin vulnerability has been discovered in the Auth0 auth0.js library affecting versions 8.12. This vulnerability allows an attacker to acquire authenticated users' tokens and invoke services on a user's behalf if the target site or application uses a popup callback page with...
CVE-2017-17068
A cross-origin vulnerability has been discovered in the Auth0 auth0.js library affecting versions 8.12. This vulnerability allows an attacker to acquire authenticated users' tokens and invoke services on a user's behalf if the target site or application uses a popup callback page with...
CVE-2017-17068
A cross-origin vulnerability has been discovered in the Auth0 auth0.js library affecting versions 8.12. This vulnerability allows an attacker to acquire authenticated users' tokens and invoke services on a user's behalf if the target site or application uses a popup callback page with...
CVE-2017-17068
The CVE-2017-17068 entry concerns Auth0’s auth0.js library prior to 8.12. A cross-origin vulnerability allows an attacker to obtain authenticated users’ tokens and invoke services on behalf of a user when a site uses a popup callback page via auth0.popup.callback(). Affected software: auth0.js
Critical vulnerabilities in JSON Web Token libraries
More info at https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/...
cyprusweddingsmagazine.eu.auth0.com Open Redirect vulnerability
Vulnerable URL: https://cyprusweddingsmagazine.eu.auth0.com/v2/logout?returnTo=https://www.xssposed.org/ Details: Description| Value ---|--- Patched:| Yes, at 17.01.2017 Latest check for patch:| 17.01.2017 13:19 GMT Vulnerability type:| Open Redirect Vulnerability status:| Publicly disclosed Alex...
Critical vulnerabilities in JSON Web Token libraries
More info at https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/...
Critical Vulnerabilities Affecting JSON Web Token Libraries
Critical vulnerabilities exist in several JSON Web Token JWT libraries – namely the JavaScript and PHP versions – that could let an attacker bypass the verification step. Tim McLean, a Canadian security researcher who specializes in cryptography and dug up the issues, points out that attackers...
Critical vulnerabilities in JSON Web Token libraries
More info at https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/...