Multiple XSS issues exist in Sonatype Nexus Repository Manager 3 before 3.33.0. An authenticated attacker with the ability to add HTML files to a repository could redirect users to Nexus Repository Manager’s pages with code modifications.
References
| Link | Resource |
|---|---|
| https://support.sonatype.com | Vendor Advisory |
| https://support.sonatype.com/hc/en-us/articles/4404115639827 | Vendor Advisory |
History
No history.
Information
Published : 2021-08-10 14:15
Updated : 2024-02-28 18:28
NVD link : CVE-2021-37152
Mitre link : CVE-2021-37152
CVE.ORG link : CVE-2021-37152
Products Affected
sonatype
- nexus_repository_manager
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')