Cross-site Scripting (XSS)

nexus-core is vulnerable to cross-site scripting XSS. The vulnerability exists as the engineForLanguage method did not validate the language, failing to properly restrict the language to Groovy by default...

org.eclipse.tycho.nexus:unzip-repository-plugin (=0.12.0), org.sonatype.nexus.assemblies:nexus-base-template (>=3.10.0-04 <=3.21.1-01) +27 more potentially affected by CVE-2020-10203 via org.sonatype.nexus:nexus-core (>=2.4.0-1 <=3.21.1-01)

org.sonatype.nexus:nexus-core MAVEN version =2.4.0-1, =3.10.0-04, =3.0.0-03, =2.2.1, =2.2.1, =2.4.0-1, =2.4.0-1, =2.6.0-01, =2.6.0-01, =2.4.0-1, =2.6.0-01, =2.4.0-1, =2.6.0-01, =2.5.0-01, =2.4.0-1, =2.7.0-m1 and more Source cves: CVE-2020-10203 Source advisory:...

org.eclipse.tycho.nexus:unzip-repository-plugin (=0.12.0), org.sonatype.nexus.assemblies:nexus-base-template (>=3.10.0-04 <=3.21.1-01) +27 more potentially affected by CVE-2020-10204 via org.sonatype.nexus:nexus-core (>=2.4.0-1 <=3.21.1-01)

org.sonatype.nexus:nexus-core MAVEN version =2.4.0-1, =3.10.0-04, =3.0.0-03, =2.2.1, =2.2.1, =2.4.0-1, =2.4.0-1, =2.6.0-01, =2.6.0-01, =2.4.0-1, =2.6.0-01, =2.4.0-1, =2.6.0-01, =2.5.0-01, =2.4.0-1, =2.7.0-m1 and more Source cves: CVE-2020-10204 Source advisory:...