CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-13984

Permissive Cross-domain Security Policy with Untrusted Domains vulnerability in Drupal Next.Js allows Cross-Site Scripting (XSS).This issue affects Next.Js: from 0.0.0 before 1.6.4, from 2.0.0 before 2.0.1.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 16.4%

CVSS Severity

CVSS v3 Score 6.1

References

https://www.drupal.org/sa-contrib-2025-122

Products affected by CVE-2025-13984

Kanopi » Next.js » Version: 1.0.0

cpe:2.3:a:kanopi:next.js:1.0.0
Kanopi » Next.js » Version: 1.1.0

cpe:2.3:a:kanopi:next.js:1.1.0
Kanopi » Next.js » Version: 1.2.0

cpe:2.3:a:kanopi:next.js:1.2.0
Kanopi » Next.js » Version: 1.3.0

cpe:2.3:a:kanopi:next.js:1.3.0
Kanopi » Next.js » Version: 1.3.1

cpe:2.3:a:kanopi:next.js:1.3.1
Kanopi » Next.js » Version: 1.4.0

cpe:2.3:a:kanopi:next.js:1.4.0
Kanopi » Next.js » Version: 1.5.0

cpe:2.3:a:kanopi:next.js:1.5.0
Kanopi » Next.js » Version: 1.6.0

cpe:2.3:a:kanopi:next.js:1.6.0
Kanopi » Next.js » Version: 1.6.1

cpe:2.3:a:kanopi:next.js:1.6.1
Kanopi » Next.js » Version: 1.6.2

cpe:2.3:a:kanopi:next.js:1.6.2
Kanopi » Next.js » Version: 1.6.3

cpe:2.3:a:kanopi:next.js:1.6.3
Kanopi » Next.js » Version: 2.0.0

cpe:2.3:a:kanopi:next.js:2.0.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-13984

Products

Pricing

Contact Us