Auth0 < 3.11.3 – Unauthenticated Reflected XSS via wle Parameter | CVE 2019-20173

Affects Plugins

auth0

Fixed in 3.11.3

References

CVE

CVE-2019-20173

URL

https://auth0.com/docs/security/bulletins/cve-2019-20173

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

6.1 (medium)

Miscellaneous

Verified

No

WPVDB ID

d3effca5-cad0-4582-bcba-180c9bfc398a

Timeline

Publicly Published

2020-01-31 (about 6 years ago)

Added

2020-02-05 (about 6 years ago)

Last Updated

2020-09-22 (about 5 years ago)

Other

Published

Title

Published

2020-12-04

Title

Themify Portfolio Post < 1.1.6 - Authenticated Stored Cross-Site Scripting

Published

2025-03-31

Title

Timeline Event History <= 3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2019-07-17

Title

All-in-One WP Migration < 7.0 - Authenticated Cross-Site Scripting (XSS)

Published

2023-06-02

Title

Kanban Boards for WordPress < 2.5.21 - Admin+ Stored XSS

Published

2023-11-29

Title

Ads by datafeedr.com <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting