Description Next.js 7.0.0 and 7.0.1 has XSS via the 404 or 500 /_error page. Remediation References CVE-2018-18282 Related Vulnerabilities WordPress Plugin Tune Library SQL Injection (1.5.4) WordPress Plugin Share This Image Unspecified Vulnerability (1.19) WordPress Plugin Display Users SQL Injection (2.0.0) XOOPS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-7290) WebLogic CVE-2020-14652 Vulnerability (CVE-2020-14652) Severity Medium Classification CVE-2018-18282 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N Tags Missing Update Known Vulnerabilities