Sonatype Nexus Repository Manager Cross-Site Scripting Vulnerability (CNVD-2019-07005)

Sonatype Nexus Repository Manager aka NXRM is a maven repository manager. A cross-site scripting vulnerability exists in Sonatype NXRM versions prior to 3.14. A remote attacker can exploit this vulnerability to execute arbitrary JavaScript code in a user's browser...

Design/Logic Flaw

Sonatype Nexus Repository Manager before 3.14 allows Java Expression Language Injection...

Cross site scripting

Sonatype Nexus Repository Manager before 3.14 allows XSS...

CVE-2018-16621

Sonatype Nexus Repository Manager before 3.14 allows Java Expression Language Injection...

CVE-2018-16619

Sonatype Nexus Repository Manager before 3.14 allows XSS...

CVE-2018-16619

Sonatype Nexus Repository Manager before 3.14 allows XSS...

CVE-2018-16621

Sonatype Nexus Repository Manager before 3.14 allows Java Expression Language Injection...

CVE-2018-16619

CVE-2018-16619 affects Sonatype Nexus Repository Manager prior to version 3.14 and is a cross-site scripting (XSS) vulnerability. The issue allows an attacker to execute arbitrary JavaScript in a user’s browser, with exploitation described as remote and requiring user interaction in some sources....

CVE-2018-16621

CVE-2018-16621 affects Sonatype Nexus Repository Manager prior to version 3.14, where Java Expression Language Injection is possible. The root cause is insecure EL handling in the repository manager, enabling injection that can lead to server-side behavior manipulation. In the public records, the...

CVE-2018-16620

Sonatype Nexus Repository Manager before 3.14 has Incorrect Access Control...

CVE-2018-16621

Sonatype Nexus Repository Manager before 3.14 allows Java Expression Language Injection...

Imgur: Ability to login to the Nexus Repo Manager from https://nexus.imgur.com/

Hello Imgur Administrators, I am not sure if this falls in your scope but I wanted to alert you that your Nexus Repository Manager can be accessed through https://nexus.imgur.com/ Usually the default user/pass for the NRM are admin/admin123 but there is an alternative way to login using the below...

Sonatype Nexus Repository Manager Cross-Site Scripting Vulnerability (CNVD-2018-11638)

Sonatype Nexus Repository Manager aka NXRM is a maven repository manager. A cross-site scripting vulnerability exists in Sonatype NXRM versions prior to 3.12.0. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML via the Administration UI...

Code injection

Sonatype Nexus Repository Manager versions 3.x before 3.12.0 has XSS in multiple areas in the Administration UI...

CVE-2018-12100

Sonatype Nexus Repository Manager versions 3.x before 3.12.0 has XSS in multiple areas in the Administration UI...

CVE-2018-12100

The CVE-2018-12100 issue affects Sonatype Nexus Repository Manager 3.x prior to 3.12.0, with XSS in multiple Administration UI paths. The underlying cause is insufficient input validation/output sanitization in user-facing parameters, enabling an attacker to inject arbitrary JavaScript into a vic...

Sonatype Nexus Repository Manager Cross-Site Scripting Vulnerability (CNVD-2018-05183)

Sonatype Nexus Repository Manager aka NXRM is a maven repository manager. Multiple cross-site scripting vulnerabilities exist in Sonatype Nexus Repository Manager version 2.x prior to 2.14.6. A remote attacker can exploit the vulnerabilities to inject arbitrary web script or HTML using a variety ...

Sonatype Nexus Repository Manager Cross-Site Scripting Vulnerability

Sonatype Nexus Repository Manager aka NXRM is a maven repository manager. A cross-site scripting vulnerability exists in Sonatype Nexus Repository Manager version 3.x prior to 3.8. The vulnerability can be exploited by remote attackers to inject arbitrary web script or HTML in a variety of ways...

CVE-2018-5307

Multiple cross-site scripting XSS vulnerabilities in Sonatype Nexus Repository Manager aka NXRM 2.x before 2.14.6 allow remote attackers to inject arbitrary web script or HTML via 1 the repoId or 2 format parameter to service/siesta/healthcheck/healthCheckFileDetail/.../index.html; 3 the filename...

CVE-2018-5306

Multiple cross-site scripting XSS vulnerabilities in Sonatype Nexus Repository Manager aka NXRM 3.x before 3.8 allow remote attackers to inject arbitrary web script or HTML via 1 the repoId or 2 format parameter to service/siesta/healthcheck/healthCheckFileDetail/.../index.html; 3 the filename in...