Multiple XSS issues exist in Sonatype Nexus Repository Manager 3 before 3.33.0. An authenticated attacker with the ability to add HTML files to a repository could redirect users to Nexus Repository Manager’s pages with code modifications.
References
Link | Resource |
---|---|
https://support.sonatype.com | Vendor Advisory |
https://support.sonatype.com/hc/en-us/articles/4404115639827 | Vendor Advisory |
History
21 Nov 2024, 06:14
Type | Values Removed | Values Added |
---|---|---|
References | () https://support.sonatype.com - Vendor Advisory | |
References | () https://support.sonatype.com/hc/en-us/articles/4404115639827 - Vendor Advisory | |
Information
Published : 2021-08-10 14:15
Updated : 2024-11-21 06:14
NVD link : CVE-2021-37152
Mitre link : CVE-2021-37152
CVE.ORG link : CVE-2021-37152
Products Affected
sonatype
- nexus_repository_manager
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')