Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Nexus Repository Manager Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2021-37152 - Vulnerability Database
Nexus Repository Manager

Nexus Repository Manager Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2021-37152

Medium
Reference: CVE-2021-37152
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2021-37152
Title: Nexus Repository Manager Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:

Multiple XSS issues exist in Sonatype Nexus Repository Manager 3 before 3.33.0. An authenticated attacker with the ability to add HTML files to a repository could redirect users to Nexus Repository Managers pages with code modifications.