npm/auth0-lock — 4 CVEs

HIGH8.1CVE-2021-32641Reflected XSS when using flashMessages or languageDictionary

from 0, < 11.30.1

MEDIUM6.4CVE-2020-15119DOM-based XSS in auth0-lock

from 0, < 11.26.3

MEDIUM6.1CVE-2022-29172Cross-site Scripting in Auth0 Lock

from 0, < 11.33.0

MEDIUM6.1auth0-lock vulnerable to XSS via unsanitized placeholder property

from 0, < 11.21.0

pkg:npm/auth0-lock