exploitDog

CVE-2019-20174

Опубликовано: 03 фев. 2020

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

Auth0 Lock before 11.21.0 allows XSS when additionalSignUpFields is used with an untrusted placeholder.

Ссылки

https://auth0.com/docs/security/bulletins/cve-2019-20174
Exploit
Vendor Advisory
https://github.com/auth0/lock/releases/tag/v11.21.0
Release Notes
Third Party Advisory
https://auth0.com/docs/security/bulletins/cve-2019-20174
Exploit
Vendor Advisory
https://github.com/auth0/lock/releases/tag/v11.21.0
Release Notes
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:auth0:lock:*:*:*:*:*:*:*:*

Версия до 11.21.0 (исключая)

EPSS

Процентиль: 64%

0.0046

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-w2pf-g6r8-pg22

CVSS3: 6.1

github

около 6 лет назад

auth0-lock vulnerable to XSS via unsanitized placeholder property

EPSS

Процентиль: 64%

0.0046

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79