Auth0 XSS attack

Jun 22

An XSS in a low-priority app can compromise your entire Auth0 tenant

A cross-site scripting flaw in a minor internal app can chain with Auth0's default grant settings to reach other applications and APIs across the same tenant. Here's what the attack looks like and what to fix.