5 matches found
EUVD-2021-2024
Malware in sbrugna...
Design/Logic Flaw
Next.js is a React framework. Starting with version 10.0.0 and prior to version 12.1.0, Next.js is vulnerable to User Interface UI Misrepresentation of Critical Information. In order to be affected, the next.config.js file must have an images.domains array assigned and the image host assigned in...
CVE-2022-23646
CVE-2022-23646 affects Next.js (React framework) versions 10.0.0 through 12.0.x prior to 12.1.0. The issue is UI misrepresentation of critical information when next.config.js defines an images.domains array and the image host in domains allows user-provided SVG; if next.config.js uses a non-defau...
CVE-2021-39178
Next.js is a React framework. Versions of Next.js between 10.0.0 and 11.0.0 contain a cross-site scripting vulnerability. In order for an instance to be affected by the vulnerability, the next.config.js file must have images.domains array assigned and the image host assigned in images.domains mus...
Cross site scripting
Next.js is a React framework. Versions of Next.js between 10.0.0 and 11.0.0 contain a cross-site scripting vulnerability. In order for an instance to be affected by the vulnerability, the next.config.js file must have images.domains array assigned and the image host assigned in images.domains mus...