Cross-Site Scripting (XSS)
Auth0-Lock is vulnerable to cross-site scripting XSS. A remote attacker is able to inject arbitrary and execute arbitrary Javascript into a user's browser via the placeholder property. Customers using the additionalSignUpFields customization option are affected...