0.001 Low
EPSS
Percentile
31.7%
auth0-js is vulnerable to cross-site request forgery (CSRF) attacks. These attacks are possible if the state parameter is missing in an authorization response.
state
auth0.com/docs/security/bulletins/cve-2018-7307
github.com/auth0/auth0.js/pull/667