auth0-aspnet and auth0-aspnet-owin are vulnerable to cross-site request forgery (CSRF). Neither library generates or verifies the state parameter of the OAuth 2.0 and OpenID Connect authorization flow, so the application cannot confirm that a callback request corresponds to an authorization request it initiated from the same browser session. An attacker can therefore inject their own authorization code into the victim's session and perform requests on behalf of the user.
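The following is an added illustration of the flaw and its fix, not code from auth0-aspnet or auth0-aspnet-owin. It is written in Python rather than C# to show the protocol-level logic independently of any framework: the client binds a random state value to the browser session when it builds the authorization request, and on the callback it accepts the authorization code only if the returned state matches the one in that session. The endpoint, client ID, redirect URI, session dictionaries and the attacker's code value are all constructed for the example. The simulation also covers the case where the victim had a login of their own in flight, since a correct check must reject the injected code there too.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Hypothetical values for the example; not taken from the affected libraries.
AUTHORIZE_ENDPOINT = "https://tenant.example.auth0.com/authorize"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://rp.example/callback"


class StateMismatch(Exception):
    """Raised when the callback's state is absent or not bound to this session."""


def build_authorization_url(session: dict) -> str:
    """Start a login: mint an unguessable state, bind it to the browser session,
    and carry it in the authorization request so it comes back on the callback."""
    state = secrets.token_urlsafe(32)
    session["oauth_state"] = state
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid profile",
        "state": state,
    }
    return f"{AUTHORIZE_ENDPOINT}?{urlencode(params)}"


def handle_callback(session: dict, callback_url: str, verify_state: bool) -> str:
    """Process the redirect back from the authorization server and return the
    authorization code the client would exchange for tokens.

    verify_state=False reproduces the vulnerable behaviour (code accepted
    regardless of which session started the flow); verify_state=True is the fix.
    """
    query = parse_qs(urlparse(callback_url).query)
    code = query.get("code", [None])[0]
    if code is None:
        raise ValueError("callback carries no authorization code")
    if verify_state:
        # Single use: remove the stored state so a replayed callback also fails.
        expected = session.pop("oauth_state", None)
        received = query.get("state", [None])[0]
        if expected is None or received is None or not hmac.compare_digest(expected, received):
            raise StateMismatch("state missing or not bound to this session")
    session["authorization_code"] = code
    return code


def simulate_code_injection(verify_state: bool, victim_started_login: bool) -> str:
    """Attacker starts a login for their own account, captures the redirect that
    carries their code instead of sending it, and lures the victim's browser
    into requesting it (the CSRF). Returns the code the victim's session was
    bound to, or 'rejected' if the callback was refused."""
    attacker_session: dict = {}
    build_authorization_url(attacker_session)
    # Constructed stand-in for the redirect the authorization server would issue.
    injected_callback = REDIRECT_URI + "?" + urlencode(
        {"code": "ATTACKER_CODE", "state": attacker_session["oauth_state"]}
    )

    victim_session: dict = {}
    if victim_started_login:
        # Victim has their own flow in flight, with a different state value.
        build_authorization_url(victim_session)

    try:
        return handle_callback(victim_session, injected_callback, verify_state)
    except StateMismatch:
        return "rejected"


def simulate_legitimate_login() -> bool:
    """Control case: the same session starts the flow and receives the callback,
    so the state check passes and the code is accepted."""
    session: dict = {}
    url = build_authorization_url(session)
    state = parse_qs(urlparse(url).query)["state"][0]
    callback = REDIRECT_URI + "?" + urlencode({"code": "USER_CODE", "state": state})
    return handle_callback(session, callback, verify_state=True) == "USER_CODE"


if __name__ == "__main__":
    for verify in (False, True):
        for started in (False, True):
            print(f"verify_state={verify} victim_started_login={started}: "
                  f"{simulate_code_injection(verify, started)}")
    print("legitimate login accepted:", simulate_legitimate_login())
```

Without the check, the victim's session ends up holding the attacker's code whether or not the victim had a login in progress, and the subsequent token exchange logs the victim into the attacker-controlled account. With the check, only a callback carrying the state minted for that exact session is accepted, and the stored state is consumed on first use.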