WEB APPLICATION VULNERABILITIES Standard & Premium

Next.js Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-18282)

Description

Next.js 7.0.0 and 7.0.1 has XSS via the 404 or 500 /_error page.

Remediation

References

Related Vulnerabilities

WordPress Plugin Essential Addons for Elementor Security Bypass (5.7.1)

WordPress Plugin Unlimited Elements For Elementor (Free Widgets, Addons, Templates) SQL Injection (1.5.109)

OpenSSL Other Vulnerability (CVE-2010-4180)

YOURLS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-3783)

WordPress Plugin Quiz and Survey Master (QSM)-Easy Quiz and Survey Maker Unspecified Vulnerability (6.3.5)

Severity

Medium

Classification

CVE-2018-18282 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities