CVE-2018-18282

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2018-18282
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-18282.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-18282
Aliases
Published
2018-10-12T22:29:00.763Z
Modified
2026-04-10T04:13:57.878253Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

Next.js 7.0.0 and 7.0.1 has XSS via the 404 or 500 /_error page.

References

Affected packages

Git / github.com/vercel/next.js

Affected ranges

Type
GIT
Repo
https://github.com/vercel/next.js
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
45c554a3283dfa7ab2dc007f5f03883c738a4b58
Type
GIT
Repo
https://github.com/zeit/next.js
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
3a059688a8a0e10342ce697c89a7faebbeca9629
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
ae56c7847f32173c0c6954a124fdaa749d44b5dc
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.1"
        }
    ]
}

Affected versions

1.*
1.0.0
1.0.1
1.0.2
1.1.0
1.1.1
1.1.2
1.2.0
1.2.1
1.2.2
1.2.3
2.*
2.0.0
2.0.0-beta.0
2.0.0-beta.1
2.0.0-beta.10
2.0.0-beta.11
2.0.0-beta.12
2.0.0-beta.13
2.0.0-beta.14
2.0.0-beta.15
2.0.0-beta.16
2.0.0-beta.17
2.0.0-beta.18
2.0.0-beta.19
2.0.0-beta.2
2.0.0-beta.20
2.0.0-beta.21
2.0.0-beta.22
2.0.0-beta.23
2.0.0-beta.24
2.0.0-beta.25
2.0.0-beta.26
2.0.0-beta.27
2.0.0-beta.28
2.0.0-beta.29
2.0.0-beta.3
2.0.0-beta.30
2.0.0-beta.31
2.0.0-beta.32
2.0.0-beta.33
2.0.0-beta.34
2.0.0-beta.35
2.0.0-beta.36
2.0.0-beta.37
2.0.0-beta.38
2.0.0-beta.39
2.0.0-beta.4
2.0.0-beta.40
2.0.0-beta.41
2.0.0-beta.42
2.0.0-beta.5
2.0.0-beta.6
2.0.0-beta.7
2.0.0-beta.8
2.0.0-beta.9
2.0.1
2.1.0
2.1.1
2.2.0
2.3.0
2.3.1
2.3.2
2.4.0
2.4.1
2.4.3
2.4.4
2.4.5
2.4.6
2.4.7
2.4.8
2.4.9
3.*
3.0.1
3.0.2
3.0.3
3.0.4
3.0.5
3.0.6
3.1.0
3.2.0
3.2.1
3.2.2
4.*
4.0.0
4.0.0-beta.1
4.0.0-beta.2
4.0.0-beta.3
4.0.0-beta.4
4.0.0-beta.5
4.0.0-beta.6
4.0.1
4.0.2
4.0.3
4.0.4
4.0.5
4.1.0
4.1.1
4.1.2
4.1.3
4.1.4
4.2.0
4.2.1
4.2.2
4.2.3
5.*
5.0.0
5.1.0
6.*
6.0.0-canary.1
6.0.0-canary.2
6.0.0-canary.3
6.0.0-canary.4
6.0.0-canary.5
6.0.0-canary.6
6.0.0-canary.7
6.0.1-canary.0
6.0.1-canary.1
6.0.1-canary.2
6.0.2-canary.0
6.0.3-canary.0
6.0.3-canary.1
6.0.4-canary.0
6.0.4-canary.1
6.0.4-canary.2
6.0.4-canary.3
6.0.4-canary.4
6.0.4-canary.5
6.0.4-canary.6
6.0.4-canary.7
6.0.4-canary.8
6.0.4-canary.9
6.1.0-canary.0
6.1.1
6.1.2
7.*
7.0.0
7.0.1
7.0.1-canary.0
7.0.1-canary.1
7.0.1-canary.2
7.0.1-canary.3
7.0.1-canary.4
7.0.1-canary.5
7.0.1-canary.6
v2.*
v2.4.2

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-18282.json"