What the vulnerability does
01Description
Permissive Cross-domain Security Policy with Untrusted Domains vulnerability in Drupal Next.Js allows Cross-Site Scripting (XSS).This issue affects Next.Js: from 0.0.0 before 1.6.4, from 2.0.0 before 2.0.1.
CVSS base score
What the vulnerability does
Permissive Cross-domain Security Policy with Untrusted Domains vulnerability in Drupal Next.Js allows Cross-Site Scripting (XSS).This issue affects Next.Js: from 0.0.0 before 1.6.4, from 2.0.0 before 2.0.1.
Explanation of Vulnerability in Simple Terms
A vulnerability exists in the Drupal Next.js module affecting versions before 1.6.4. The specific attack vector and impact are not fully documented in available metadata. Site administrators should update to version 1.6.4 or later to ensure protection. Review the official Drupal security advisory for detailed mitigation steps.
What an attacker can do
Unknown; insufficient CVSS and CWE data to determine attack capability.
Potential impact on your site
Sites running Drupal Next.js module < 1.6.4 may be at risk; update immediately to 1.6.4.
Conditions required to exploit
Unknown; CVSS vector data not available.
Key dates
External resources