nexus-core is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary Javascript into a victim’s browser via the repoId
and format
parameters of the healthCheckFileDetail
function, the file name in the File Upload functionality of Staging Upload, the username
when creating a new user, and the IQ Server URL
field in the IQ Server Connection
.
CPE | Name | Operator | Version |
---|---|---|---|
nexus-core | le | 3.7.1-02 |