CVE-2020-15119 MEDIUM

CVE-2020-15119: DOM-based XSS in auth0-lock

Vendor Auth0
Product lock
Weakness CWE-79 · XSS
Published August 19, 2020
Last update August 4, 2024
View on NVD All CVEs

CVSS base score

6.4/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

What the vulnerability does

01Description

In auth0-lock versions before and including 11.25.1, dangerouslySetInnerHTML is used to update the DOM. When dangerouslySetInnerHTML is used, the application and its users might be exposed to cross-site scripting (XSS) attacks.

Key dates

02Disclosure timeline

August 19, 2020 CVE published
August 4, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2022-1673 WooCommerce Green Wallet Gateway < 1.0.2 - Reflected Cross Site Scripting in checkout page CVE-2022-45812 WordPress Exxp Plugin <= 2.6.8 is vulnerable to Cross Site Scripting (XSS) CVE-2024-50468 WordPress Raptor Editor plugin <= 1.0.20 - Cross Site Scripting (XSS) vulnerability CVE-2024-11093 SG Helper <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via SVG File Upload CVE-2025-6778 code-projects Food Distributor Site save_settings.php cross site scripting