5 matches found
CVE-2021-32641
auth0-lock is Auth0's signin solution. Versions of nauth0-lock before and including 11.30.0 are vulnerable to reflected XSS. An attacker can execute arbitrary code when the library's flashMessage feature is utilized and user input or data from URL parameters is incorporated into the flashMessage ...
CVE-2021-32641
auth0-lock is Auth0's signin solution. Versions of nauth0-lock before and including 11.30.0 are vulnerable to reflected XSS. An attacker can execute arbitrary code when the library's flashMessage feature is utilized and user input or data from URL parameters is incorporated into the flashMessage ...
CVE-2021-32641 Reflected XSS when using flashMessages
auth0-lock is Auth0's signin solution. Versions of nauth0-lock before and including 11.30.0 are vulnerable to reflected XSS. An attacker can execute arbitrary code when the library's flashMessage feature is utilized and user input or data from URL parameters is incorporated into the flashMessage ...
CVE-2021-32641
CVE-2021-32641 affects Auth0-lock (Auth0’s signin solution). Versions up to and including 11.30.0 are vulnerable to a reflected XSS when user input from URL parameters is injected into the library’s flashMessage or languageDictionary features. The issue is addressed in version 11.30.1, which patc...
@apim/auth0-lock-redux (>=1.0.0 <=1.0.2), @brudi-toolbox/id (>=1.4.5-next.1 <=2.0.4-next.2) +36 more potentially affected by CVE-2021-32641 via auth0-lock (>=10.14.0 <=11.28.1)
auth0-lock NPM version =10.14.0, =1.0.0, =1.4.5-next.1, =2.2.0, =1.0.0, =0.1.0, =0.3.0, =0.0.1, =1.0.0, =0.1.0, =0.5.3, =0.1.13, =1.0.0, =0.0.1, =0.0.5 - auth0-react-sample =1.0.0 and more Source cves: CVE-2021-32641 Source advisory: OSV:GHSA-JR3J-WHM4-9WWM...