EPSS Percentile: 26.2%
auth0-lock is vulnerable to cross-site scripting (XSS). The vulnerability exists in the signUp function in actions.js: the additional sign-up fields are not sanitized, which allows an attacker to inject and execute arbitrary JavaScript.
github.com/auth0/lock/commit/79ae557d331274b114848150f19832ae341771b1
github.com/auth0/lock/security/advisories/GHSA-7ww6-75fj-jcj7