PT-2026-5203 · Vercel · Next.Js
Bram Driesen +5 · Published 2026-01-28 · Updated 2026-02-06 · CVE-2025-13984
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Next.Js versions 0.0.0 through 1.6.3
Next.Js versions 2.0.0 through 2.0.0
Description
A security issue exists in Next.Js related to a permissive cross-domain security policy with untrusted domains, which can lead to Cross-Site Scripting (XSS). This allows for potential malicious code execution within the context of a user's browser.
Recommendations
Update Next.Js to version 1.6.4 or later.
Update Next.Js to version 2.0.1 or later.
Affected Products
Next.Js