CNNVD-202601-4679 Information

CNNVD ID

CNNVD-202601-4679

Related CVE

CVE-2025-13984

• CNNVD Published: 2026-01-28

Description (Chinese)

Drupal Next.js是Drupal社区的一个实现 Drupal 与 Next.js 深度集成的解耦模块。 Drupal Next.js 1.6.4之前版本和2.0.1之前版本存在安全漏洞，该漏洞源于跨域安全策略过于宽松，可能导致跨站脚本攻击。

Description (English)

Drupal Next.js is a decomposition module for the Drupal community that integrates Drupal and Next.js in depth. There was a security loophole in previous versions of Drupal Next.js 1.6.4 and before 2.0.1, which stemmed from a loose cross-border security strategy that could lead to a cross-site scrip attack.

Hazard Level

Low

Vulnerability Type

其他

Affected Vendor

Drupal

Published

2026-01-28

Last Modified

2026-02-24

References

https://www.drupal.org/sa-contrib-2025-122

Patch

https://www.drupal.org/sa-contrib-2025-122