Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Nexus Repository Manager Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-5306) - Vulnerability Database

Nexus Repository Manager Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-5306)

Description

Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 3.x before 3.8 allow remote attackers to inject arbitrary web script or HTML via (1) the repoId or (2) format parameter to service/siesta/healthcheck/healthCheckFileDetail/.../index.html; (3) the filename in the "File Upload" functionality of the Staging Upload; (4) the username when creating a new user; or (5) the IQ Server URL field in the IQ Server Connection functionality.

References

CVE-2018-5306

Related Vulnerabilities

XWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2021-32732) Medium
Common tags: Missing Update Known Vulnerabilities
Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-7741) Medium
Common tags: Missing Update Known Vulnerabilities
Moodle Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-6970) High
Common tags: Missing Update Known Vulnerabilities
Django Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2019-6975) High
Common tags: Missing Update Known Vulnerabilities
PHP Out-of-bounds Write Vulnerability (CVE-2019-6977) High
Common tags: Missing Update Known Vulnerabilities

Severity

Medium

Classification

CVE-2018-5306
CWE-707
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update
Known Vulnerabilities