2 matches found
CVE-2018-7307
The Auth0.js library is affected up to and including version 9.3: CSRF can occur if the authorization response lacks the state parameter. Root cause: improper handling of a missing state parameter in the response. Impact: CSRF vulnerability with a high CVSS3 score (8.8) and notable risks of unauth...
CVE-2018-7307
The Auth0 Auth0.js library before 9.3 has CSRF because it mishandles the case where the authorization response lacks the state parameter...