Skip to main content

Nexus Repository Manager CVE-2021-29159

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2021-04-28 cve@mitre.org
6.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Apr 28, 2021 - 14:15 nvd
MEDIUM 6.1

DescriptionNVD

A cross-site scripting (XSS) vulnerability has been discovered in Nexus Repository Manager 3.x before 3.30.1. An attacker with a local account can create entities with crafted properties that, when viewed by an administrator, can execute arbitrary JavaScript in the context of the NXRM application.

AnalysisAI

A cross-site scripting (XSS) vulnerability has been discovered in Nexus Repository Manager 3.x before 3.30.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. A cross-site scripting (XSS) vulnerability has been discovered in Nexus Repository Manager 3.x before 3.30.1. An attacker with a local account can create entities with crafted properties that, when viewed by an administrator, can execute arbitrary JavaScript in the context of the NXRM application. Affected products include: Sonatype Nexus Repository Manager. Version information: before 3.30.1..

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2019-7238 CRITICAL POC
9.8 Mar 21

Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control. Rated critical severity (CVSS 9.8), this v

CVE-2019-5475 HIGH POC
8.8 Sep 03

The Nexus Yum Repository Plugin in v2 is vulnerable to Remote Code Execution when instances using CommandLineExecutor.ja

CVE-2018-16621 HIGH POC
7.2 Nov 15

Sonatype Nexus Repository Manager before 3.14 allows Java Expression Language Injection. Rated high severity (CVSS 7.2),

CVE-2018-5307 MEDIUM POC
6.1 Feb 09

Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 2.x before 2.14.6 al

CVE-2018-5306 MEDIUM POC
6.1 Feb 09

Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 3.x before 3.8 allow

CVE-2017-17717 CRITICAL
9.8 Dec 17

Sonatype Nexus Repository Manager through 2.14.5 has weak password encryption with a hardcoded CMMDwoV value in the LDAP

CVE-2019-9629 CRITICAL
9.8 Jul 08

Sonatype Nexus Repository Manager before 3.17.0 establishes a default administrator user with weak defaults (fixed crede

CVE-2026-11403 HIGH
8.7 Jul 14

Improper API key generation in Sonatype Nexus Repository Manager lets a remote attacker impersonate a targeted user and

CVE-2026-3329 HIGH
8.7 Jun 11

Credential-guessing attacks against Sonatype Nexus Repository Manager are enabled by missing rate-limiting on authentica

CVE-2020-15012 HIGH
8.6 Oct 12

A Directory Traversal issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.19. Rated high severity

CVE-2020-15868 HIGH
7.5 Aug 12

Sonatype Nexus Repository Manager OSS/Pro before 3.26.0 has Incorrect Access Control. Rated high severity (CVSS 7.5), th

CVE-2019-9630 HIGH
7.5 Jul 08

Sonatype Nexus Repository Manager before 3.17.0 has a weak default of giving any unauthenticated user read permissions o

Share

CVE-2021-29159 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy