A cross-site scripting (XSS) vulnerability has been discovered in Nexus Repository Manager 3.x before 3.30.1. An attacker with a local account can create entities with crafted properties that, when viewed by an administrator, can execute arbitrary JavaScript in the context of the NXRM application.
CPE | Name | Operator | Version |
---|---|---|---|
nexus_repository_manager | ge | 3.23.0 | |
nexus_repository_manager | lt | 3.30.1 |