Lucene search
K

794 matches found

OSV
OSV
added 2017/12/21 12:47 a.m.14 views

GHSA-3RPR-MG43-XHQ4 auth0-js Privilege Escalation Vulnerability

A cross-origin vulnerability has been discovered in the Auth0 auth0.js library affecting versions 8.12. This vulnerability allows an attacker to acquire authenticated users' tokens and invoke services on a user's behalf if the target site or application uses a popup callback page with...

7.5CVSS7.3AI score0.0142EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2017/12/21 12:47 a.m.33 views

auth0-js Privilege Escalation Vulnerability

A cross-origin vulnerability has been discovered in the Auth0 auth0.js library affecting versions 8.12. This vulnerability allows an attacker to acquire authenticated users' tokens and invoke services on a user's behalf if the target site or application uses a popup callback page with...

7.5CVSS7.1AI score0.0142EPSS
Exploits1References4Affected Software1
Veracode
Veracode
added 2017/12/07 4:5 a.m.29 views

Cross-Origin Resource Sharing (CORS) Vulnerability

auth0-js has cross-origin resource sharing CORS vulnerability . It does not perform origin verification and uses a popup callback page with auth0.popup.callback, allowing the attackers to get access the tokens of logged-in users by using unrestricted cross-origin post message requests. The...

7.5CVSS7.3AI score0.0142EPSS
Exploits1References3Affected Software2
CNVD
CNVD
added 2017/12/07 12:0 a.m.5 views

Auth0 auth0.js cross-origin vulnerability

Auth0.js is the client library for Auth0. A cross-origin vulnerability exists in Auth0 auth0.js prior to 8.12. An attacker could use this vulnerability to obtain an authenticated user's token and invoke a service on behalf of the user if the target site or application uses a popup callback page v...

7.5CVSS6.6AI score0.0142EPSS
Exploits1References1
Prion
Prion
added 2017/12/06 7:29 p.m.11 views

Cross site scripting

A cross-origin vulnerability has been discovered in the Auth0 auth0.js library affecting versions 8.12. This vulnerability allows an attacker to acquire authenticated users' tokens and invoke services on a user's behalf if the target site or application uses a popup callback page with...

5CVSS7.2AI score0.0142EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2017/12/06 7:29 p.m.22 views

CVE-2017-17068

A cross-origin vulnerability has been discovered in the Auth0 auth0.js library affecting versions 8.12. This vulnerability allows an attacker to acquire authenticated users' tokens and invoke services on a user's behalf if the target site or application uses a popup callback page with...

7.5CVSS6.3AI score0.0142EPSS
Exploits1References2
NVD
NVD
added 2017/12/06 7:29 p.m.29 views

CVE-2017-17068

A cross-origin vulnerability has been discovered in the Auth0 auth0.js library affecting versions 8.12. This vulnerability allows an attacker to acquire authenticated users' tokens and invoke services on a user's behalf if the target site or application uses a popup callback page with...

7.5CVSS7.2AI score0.0142EPSS
Exploits1References2
Cvelist
Cvelist
added 2017/12/06 7:0 p.m.29 views

CVE-2017-17068

A cross-origin vulnerability has been discovered in the Auth0 auth0.js library affecting versions 8.12. This vulnerability allows an attacker to acquire authenticated users' tokens and invoke services on a user's behalf if the target site or application uses a popup callback page with...

7.2AI score0.0142EPSS
Exploits1References2
CVE
CVE
added 2017/12/06 7:0 p.m.52 views

CVE-2017-17068

The CVE-2017-17068 entry concerns Auth0’s auth0.js library prior to 8.12. A cross-origin vulnerability allows an attacker to obtain authenticated users’ tokens and invoke services on behalf of a user when a site uses a popup callback page via auth0.popup.callback(). Affected software: auth0.js

7.5CVSS7.2AI score0.0142EPSS
Exploits1References2Affected Software1
Friends Of PHP
Friends Of PHP
added 2016/08/30 10:37 a.m.10 views

Critical vulnerabilities in JSON Web Token libraries

More info at https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/...

7.2AI score
Exploits0Affected Software1
Openbugbounty
Openbugbounty
added 2016/01/07 11:21 a.m.11 views

cyprusweddingsmagazine.eu.auth0.com Open Redirect vulnerability

Vulnerable URL: https://cyprusweddingsmagazine.eu.auth0.com/v2/logout?returnTo=https://www.xssposed.org/ Details: Description| Value ---|--- Patched:| Yes, at 17.01.2017 Latest check for patch:| 17.01.2017 13:19 GMT Vulnerability type:| Open Redirect Vulnerability status:| Publicly disclosed Alex...

6.9AI score
Exploits0
Friends Of PHP
Friends Of PHP
added 2015/04/01 6:8 p.m.21 views

Critical vulnerabilities in JSON Web Token libraries

More info at https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/...

0.6AI score
Exploits0Affected Software1
ThreatPost
ThreatPost
added 2015/04/01 2:58 p.m.21 views

Critical Vulnerabilities Affecting JSON Web Token Libraries

Critical vulnerabilities exist in several JSON Web Token JWT libraries – namely the JavaScript and PHP versions – that could let an attacker bypass the verification step. Tim McLean, a Canadian security researcher who specializes in cryptography and dug up the issues, points out that attackers...

7.7AI score
Exploits0References17
Friends Of PHP
Friends Of PHP
added 2015/03/10 7:41 a.m.12 views

Critical vulnerabilities in JSON Web Token libraries

More info at https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/...

7.2AI score
Exploits0Affected Software1
Rows per page
Query Builder