Security Advisory

CVE-2025-13984

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-01-28 20:02:22

Last updated 2026-01-29 18:24:28

Assigner drupal

State PUBLISHED

Description

Permissive Cross-domain Security Policy with Untrusted Domains vulnerability in Drupal Next.Js allows Cross-Site Scripting (XSS).This issue affects Next.Js: from 0.0.0 before 1.6.4, from 2.0.0 before 2.0.1.

← Browse all CVEs View on cve.org ↗