Sonatype Nexus Repository Manager versions 3.x prior to 3.12.0 has XSS in multiple areas in the Administration UI.
sonatype nexus repository manager