CVE-2021-29159

A cross-site scripting (XSS) vulnerability has been discovered in Nexus Repository Manager 3.x before 3.30.1. An attacker with a local account can create entities with crafted properties that, when viewed by an administrator, can execute arbitrary JavaScript in the context of the NXRM application.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:sonatype:nexus_repository_manager:*:*:*:*:*:*:*:*

Information

Published : 2021-04-28 07:15

Updated : 2021-05-05 13:16


NVD link : CVE-2021-29159

Mitre link : CVE-2021-29159


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa

Products Affected

sonatype

  • nexus_repository_manager