Cross-Site Scripting (XSS)
auth0-lock is vulnerable to cross-site scripting XSS. When using Passwordless or Enterprise connection mode, an attacker is able to inject and execute arbitrary Javascript in a victim's browser via the email or phone number in Passwordless connection, and the IdP domain in Enterprise connection...