CVE-2021-37699

MEDIUM Year: 2021
CVSS v3 Score
6.1
Medium
CVSS v2 Score
5.8
Medium
Weakness Type
CWE-601
View all →

Vulnerability Description

Next.js is an open source website development framework to be used with the React library. In affected versions specially encoded paths could be used when pages/_error.js was statically generated allowing an open redirect to occur to an external site. In general, this redirect does not directly harm users although can allow for phishing attacks by redirecting to an attacker's domain from a trusted domain. We recommend everyone to upgrade regardless of whether you can reproduce the issue or not. The issue has been patched in release 11.1.0.

Related Vulnerabilities

CVE-2005-10001

MEDIUM
CVSS:6.1(Medium)

A vulnerability was found in Netegrity SiteMinder up to 4.5.1 and classified as critical. Affected by this issue is the file /siteminderagent/pwcgi/smpwservicescgi.exe of the component Login. The mani...

CWE-6012005

CVE-2005-4206

MEDIUM
CVSS:6.1(Medium)

Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to redirect users to other URLs and conduct phishing attacks ...

CWE-6012005

CVE-2008-2052

MEDIUM
CVSS:6.1(Medium)

Open redirect vulnerability in redirect.php in Bitrix Site Manager 6.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the goto parameter.

CWE-6012008

CVE-2008-2951

MEDIUM
CVSS:6.1(Medium)

Open redirect vulnerability in the search script in Trac before 0.10.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the q parameter, possi...

CWE-6012008

CVE-2010-3661

MEDIUM
CVSS:6.1(Medium)

TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Open Redirection on the backend.

CWE-6012010