In Nexus Repository Manager prior to 3.18.0, users with elevated privileges can create stored XSS.
sonatype nexus repository manager