Published: 09/02/2018 Updated: 27/02/2018

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 2.x prior to 2.14.6 allow remote malicious users to inject arbitrary web script or HTML via (1) the repoId or (2) format parameter to service/siesta/healthcheck/healthCheckFileDetail/.../index.html; (3) the filename in the "File Upload" functionality of the Staging Upload; (4) the username when creating a new user; or (5) the IQ Server URL field in the IQ Server Connection functionality.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sonatype nexus repository manager

Sonatype Nexus Repository Manager OSS/Pro versions 2145 and below and 371 and below suffer from multiple cross site scripting vulnerabilities ...

CWE-79 https://www.sec-consult.com/en/blog/advisories/multiple-cross-site-scripting-vulnerabilities-in-sonatype-nexus-repository-manager-oss-pro/index.html https://support.sonatype.com/hc/en-us/articles/360000134928 http://seclists.org/fulldisclosure/2018/Feb/23 https://nvd.nist.gov https://packetstormsecurity.com/files/146309/Sonatype-Nexus-Repository-Manager-OSS-Pro-2.14.5-3.7.1-XSS.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2018-5307

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect