CVE-2020-15119

Published August 20th, 2020

View on NVD ↗

CVSS v3

6.4

MEDIUM

CVSS v2

3.5

LOW

Affected

PROJECT

Description

In auth0-lock versions before and including 11.25.1, dangerouslySetInnerHTML is used to update the DOM. When dangerouslySetInnerHTML is used, the application and its users might be exposed to cross-site scripting (XSS) attacks.

auth0/lock

Auth0's signin solution

GitHub

1.14K