
412 matches found

Prion
added 2018/02/09 10:29 p.m. | 20 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 2.x before 2.14.6 allow remote attackers to inject arbitrary web script or HTML via (1) the repoId or (2) format parameter to service/siesta/healthcheck/healthCheckFileDetail/.../index.html; (3) the filename...

CVSS 4.3 | AI score 6 | EPSS 0.01223
Exploits: 3 | References: 3 | Affected Software: 1

Cvelist
added 2018/02/09 10:0 p.m. | 22 views

CVE-2018-5307

Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 2.x before 2.14.6 allow remote attackers to inject arbitrary web script or HTML via (1) the repoId or (2) format parameter to service/siesta/healthcheck/healthCheckFileDetail/.../index.html; (3) the filename...

AI score 6.1 | EPSS 0.01223
Exploits: 3 | References: 3

Cvelist
added 2018/02/09 10:0 p.m. | 30 views

CVE-2018-5306

Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 3.x before 3.8 allow remote attackers to inject arbitrary web script or HTML via (1) the repoId or (2) format parameter to service/siesta/healthcheck/healthCheckFileDetail/.../index.html; (3) the filename in...

AI score 6.1 | EPSS 0.01116
Exploits: 3 | References: 3

CVE
added 2018/02/09 10:0 p.m. | 45 views

CVE-2018-5306

CVE-2018-5306 affects Sonatype Nexus Repository Manager (NXRM) 3.x prior to 3.8. An XSS flaw exists across multiple vectors: repoId/format in healthCheckFileDetail, File Upload in Staging Upload, username during user creation, and IQ Server URL field in IQ Server Connection. Exploitation could in...

CVSS 6.1 | AI score 6 | EPSS 0.01116
Exploits: 3 | References: 3 | Affected Software: 1

CVE
added 2018/02/09 10:0 p.m. | 50 views

CVE-2018-5307

Summary: CVE-2018-5307 covers multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (NXRM) 2.x prior to 2.14.6, with exploitation possible via several parameters/files (repoId, format parameter to healthCheckFileDetail, staging upload filename, username on user ...

CVSS 6.1 | AI score 6 | EPSS 0.01223
Exploits: 3 | References: 3 | Affected Software: 1

Packet Storm
added 2018/02/08 12:0 a.m. | 90 views

Sonatype Nexus Repository Manager OSS/Pro 2.14.5 / 3.7.1 XSS

SEC Consult Vulnerability Lab Security Advisory. title: Multiple Cross-Site Scripting Vulnerabilities; product: Sonatype Nexus Repository Manager OSS/Pro; vulnerable version: =2.14.5, =3.7.1; fixed version: 2.14.6, 3.8.0; CVE...

AI score 6.4 | EPSS 0.01223
Exploits: 4

BDU FSTEC
added 2018/02/01 12:0 a.m. | 4 views

The vulnerability of Sonatype Nexus Repository Manager, related to the use of cryptographic algorithms containing defects, allows a perpetrator to gain access to authentication data.

The vulnerability of Sonatype Nexus Repository Manager is related to the use of cryptographic algorithms that contain vulnerabilities. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to user authentication data and other sensitive information...

CVSS 10 | AI score 5.5 | EPSS 0.00711
Exploits: 0 | References: 2 | Affected Software: 1

CNVD
added 2017/12/19 12:0 a.m. | 3 views

Sonatype Nexus Repository Manager Weak Password Vulnerability

Sonatype Nexus Repository Manager is a Maven repository manager. A security vulnerability exists in the LDAP integration feature in Sonatype Nexus Repository Manager 2.14.5 and earlier versions, which stems from the program's use of hard-coded CMMDwoV values to encrypt passwords. An attacker coul...

CVSS 10 | AI score 6.7 | EPSS 0.00711
Exploits: 0 | References: 1

OpenVAS
added 2017/12/19 12:0 a.m. | 71 views

Sonatype Nexus Repository Manager 2.x Weak Password Encryption Vulnerability (Dec 2017)

Sonatype Nexus Repository Manager has a weak password encryption with a hardcoded CMMDwoV value in the LDAP integration feature. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s)...

CVSS 10 | AI score 9.7 | EPSS 0.00711
Exploits: 0 | References: 1

Prion
added 2017/12/17 5:29 p.m. | 18 views

Hardcoded credentials

Sonatype Nexus Repository Manager through 2.14.5 has weak password encryption with a hardcoded CMMDwoV value in the LDAP integration feature...

CVSS 10 | AI score 9.4 | EPSS 0.00711
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2017/12/17 5:29 p.m. | 17 views

CVE-2017-17717

Sonatype Nexus Repository Manager through 2.14.5 has weak password encryption with a hardcoded CMMDwoV value in the LDAP integration feature...

CVSS 9.8 | AI score 7
Exploits: 0 | References: 1

Tenable Nessus
added 2016/07/20 12:0 a.m. | 15 views

Sonatype Nexus Repository Manager Detection

Binary data sonatypenexusdetect.nbin...

AI score 7.3
Exploits: 0 | References: 1