Cross-Site Scripting (XSS)

auth0-lock is vulnerable to cross-site scripting. The vulnerability exists in signUp function in actions.js due to lack of sanitization in the additional sign-up fields which allows an attacker to inject and execute arbitrary javascript.