Lucene search
GoogleOSV:CVE-2018-5306HistoryFeb 09, 2018 - 10:29 p.m.
CVE-2018-5306
2018-02-0922:29:01
Google
osv.dev
6
Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 3.x before 3.8 allow remote attackers to inject arbitrary web script or HTML via (1) the repoId or (2) format parameter to service/siesta/healthcheck/healthCheckFileDetail/…/index.html; (3) the filename in the “File Upload” functionality of the Staging Upload; (4) the username when creating a new user; or (5) the IQ Server URL field in the IQ Server Connection functionality.
| CPE | Name | Operator | Version |
|---|---|---|---|
| nexus-public | eq | release-3.5.0-02 | |
| nexus-public | eq | release-3.4.0-02 | |
| nexus-public | eq | release-3.3.0-01 |
Related
nvd
nvd
CVE-2018-5306
2018-02-09 22:29:01
veracode
veracode
Cross-Site Scripting (XSS)
2019-03-12 02:07:05
prion
prion
Cross site scripting
2018-02-09 22:29:00
cve
cve
CVE-2018-5306
2018-02-09 22:29:01
cvelist
cvelist
CVE-2018-5306
2018-02-09 22:00:00
zdt
zdt
packetstorm
packetstorm
Sonatype Nexus Repository Manager OSS/Pro 2.14.5 / 3.7.1 XSS
2018-02-08 00:00:00