Skip to main content

Nexus Repository Manager

31 CVEs product

Monthly

CVE-2026-11403 HIGH PATCH This Week

Improper API key generation in Sonatype Nexus Repository Manager lets a remote attacker impersonate a targeted user and perform repository operations on their behalf. The flaw stems from insufficient entropy (CWE-331) in format-specific API key realms, so an attacker who can predict or reconstruct a victim's key gains their access without credentials. The vendor (Sonatype) reported and patched the issue in release 3.93.0; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Docker Authentication Bypass Node.js Nexus Repository Manager
NVD
CVSS 4.0
8.7
EPSS
0.3%
CVE-2026-10741 MEDIUM PATCH This Month

Incorrect authorization in Sonatype Nexus Repository Manager before 3.93.0 permits a delegated repository administrator to read stored upstream proxy credentials beyond their intended authorization scope. The flaw resides in the proxy repository configuration pathway, where role-scoped administrators can retrieve credentials that should be restricted to higher-privilege system-level accounts. No public exploit code has been identified and the vulnerability is not listed in CISA KEV, though the high confidentiality impact on stored upstream credentials is notable given that exposure enables potential unauthorized access to private upstream artifact repositories.

Authentication Bypass Nexus Repository Manager
NVD VulDB
CVSS 4.0
5.9
EPSS
0.3%
CVE-2026-3329 HIGH PATCH This Week

Credential-guessing attacks against Sonatype Nexus Repository Manager are enabled by missing rate-limiting on authentication endpoints, allowing remote unauthenticated attackers to brute-force or password-spray valid user accounts. The flaw stems from improper restriction of excessive authentication attempts (CWE-307) and carries a CVSS 4.0 base score of 8.7 reflecting high confidentiality impact; no public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Information Disclosure Nexus Repository Manager
NVD VulDB
CVSS 4.0
8.7
EPSS
0.2%
CVE-2024-5764 MEDIUM This Month

Use of Hard-coded Credentials vulnerability in Sonatype Nexus Repository has been discovered in the code responsible for encrypting any secrets stored in the Nexus Repository configuration database. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Nexus Repository Manager
NVD
CVSS 4.0
5.9
EPSS
0.4%
CVE-2022-27907 MEDIUM This Month

Sonatype Nexus Repository Manager 3.x before 3.38.0 allows SSRF. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Nexus Repository Manager
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2021-43293 MEDIUM PATCH This Month

Sonatype Nexus Repository Manager 3.x before 3.36.0 allows a remote authenticated attacker to potentially perform network enumeration via Server Side Request Forgery (SSRF). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Nexus Repository Manager
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2021-42568 MEDIUM This Month

Sonatype Nexus Repository Manager 3.x through 3.35.0 allows attackers to access the SSL Certificates Loading function via a low-privileged account. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Nexus Repository Manager
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2021-37152 MEDIUM This Month

Multiple XSS issues exist in Sonatype Nexus Repository Manager 3 before 3.33.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Nexus Repository Manager
NVD
CVSS 3.1
5.4
EPSS
24.4%
CVE-2021-34553 MEDIUM PATCH This Month

Sonatype Nexus Repository Manager 3.x before 3.31.0 allows a remote authenticated attacker to get a list of blob files and read the content of a blob file (via a GET request) without having been. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Nexus Repository Manager
NVD
CVSS 3.1
4.3
EPSS
3.7%
CVE-2021-29159 MEDIUM This Month

A cross-site scripting (XSS) vulnerability has been discovered in Nexus Repository Manager 3.x before 3.30.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Nexus Repository Manager
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-30635 MEDIUM PATCH This Month

Sonatype Nexus Repository Manager 3.x before 3.30.1 allows a remote attacker to get a list of files and directories that exist in a UI-related folder via directory traversal (no customer-specific. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Nexus Repository Manager
NVD
CVSS 3.1
5.3
EPSS
1.8%
CVE-2020-29436 MEDIUM This Month

Sonatype Nexus Repository Manager 3.x before 3.29.0 allows a user with admin privileges to configure the system to gain access to content outside of NXRM via an XXE vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Nexus Repository Manager
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2020-15012 HIGH PATCH This Week

A Directory Traversal issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.19. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Nexus Repository Manager
NVD
CVSS 3.1
8.6
EPSS
2.6%
CVE-2020-15868 HIGH This Week

Sonatype Nexus Repository Manager OSS/Pro before 3.26.0 has Incorrect Access Control. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nexus Repository Manager
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-11415 MEDIUM PATCH This Month

An issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.17 and 3.x before 3.22.1. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Nexus Repository Manager
NVD
CVSS 3.1
4.9
EPSS
0.6%
CVE-2019-15588 HIGH PATCH This Week

There is an OS Command Injection in Nexus Repository Manager <= 2.14.14 (bypass CVE-2019-5475) that could allow an attacker a Remote Code Execution (RCE). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Java RCE Command Injection Nexus Repository Manager
NVD
CVSS 3.1
7.2
EPSS
5.6%
CVE-2019-16530 Maven HIGH PATCH This Week

Sonatype Nexus Repository Manager 2.x before 2.14.15 and 3.x before 3.19, and IQ Server before 72, has remote code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE Nexus Iq Server Nexus Repository Manager
NVD
CVSS 3.1
7.2
EPSS
3.3%
CVE-2019-15893 HIGH This Week

Sonatype Nexus Repository Manager 2.x before 2.14.15 allows Remote Code Execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Nexus Repository Manager
NVD
CVSS 3.1
7.2
EPSS
2.1%
CVE-2019-5475 Maven HIGH POC PATCH THREAT This Week

The Nexus Yum Repository Plugin in v2 is vulnerable to Remote Code Execution when instances using CommandLineExecutor.java are supplied vulnerable data, such as the Yum Configuration Capability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE Command Injection Nexus Repository Manager
NVD
CVSS 3.0
8.8
EPSS
18.4%
CVE-2019-14469 MEDIUM This Month

In Nexus Repository Manager before 3.18.0, users with elevated privileges can create stored XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Nexus Repository Manager
NVD
CVSS 3.0
5.4
EPSS
1.1%
CVE-2019-9630 HIGH This Week

Sonatype Nexus Repository Manager before 3.17.0 has a weak default of giving any unauthenticated user read permissions on the repository files and images. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Nexus Repository Manager
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2019-9629 CRITICAL Act Now

Sonatype Nexus Repository Manager before 3.17.0 establishes a default administrator user with weak defaults (fixed credentials). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Nexus Repository Manager
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2019-11629 MEDIUM PATCH This Month

Sonatype Nexus Repository Manager 2.x before 2.14.13 allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Nexus Repository Manager
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2019-7238 CRITICAL POC KEV THREAT Act Now

Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nexus Repository Manager
NVD
CVSS 3.1
9.8
EPSS
76.5%
CVE-2018-16621 HIGH POC PATCH This Week

Sonatype Nexus Repository Manager before 3.14 allows Java Expression Language Injection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Java Code Injection Nexus Repository Manager
NVD GitHub
CVSS 3.1
7.2
EPSS
1.8%
CVE-2018-16620 HIGH This Week

Sonatype Nexus Repository Manager before 3.14 has Incorrect Access Control. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Nexus Repository Manager
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-16619 MEDIUM This Month

Sonatype Nexus Repository Manager before 3.14 allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Nexus Repository Manager
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-12100 MEDIUM This Month

Sonatype Nexus Repository Manager versions 3.x before 3.12.0 has XSS in multiple areas in the Administration UI. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Nexus Repository Manager
NVD
CVSS 3.0
4.8
EPSS
1.3%
CVE-2018-5307 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 2.x before 2.14.6 allow remote attackers to inject arbitrary web script or HTML via (1) the repoId. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload XSS Nexus Repository Manager
NVD
CVSS 3.0
6.1
EPSS
1.2%
CVE-2018-5306 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 3.x before 3.8 allow remote attackers to inject arbitrary web script or HTML via (1) the repoId or. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload XSS Nexus Repository Manager
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2017-17717 CRITICAL Act Now

Sonatype Nexus Repository Manager through 2.14.5 has weak password encryption with a hardcoded CMMDwoV value in the LDAP integration feature. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nexus Repository Manager
NVD
CVSS 3.0
9.8
EPSS
0.1%
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Improper API key generation in Sonatype Nexus Repository Manager lets a remote attacker impersonate a targeted user and perform repository operations on their behalf. The flaw stems from insufficient entropy (CWE-331) in format-specific API key realms, so an attacker who can predict or reconstruct a victim's key gains their access without credentials. The vendor (Sonatype) reported and patched the issue in release 3.93.0; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Docker Authentication Bypass Node.js +1
NVD
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Incorrect authorization in Sonatype Nexus Repository Manager before 3.93.0 permits a delegated repository administrator to read stored upstream proxy credentials beyond their intended authorization scope. The flaw resides in the proxy repository configuration pathway, where role-scoped administrators can retrieve credentials that should be restricted to higher-privilege system-level accounts. No public exploit code has been identified and the vulnerability is not listed in CISA KEV, though the high confidentiality impact on stored upstream credentials is notable given that exposure enables potential unauthorized access to private upstream artifact repositories.

Authentication Bypass Nexus Repository Manager
NVD VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Credential-guessing attacks against Sonatype Nexus Repository Manager are enabled by missing rate-limiting on authentication endpoints, allowing remote unauthenticated attackers to brute-force or password-spray valid user accounts. The flaw stems from improper restriction of excessive authentication attempts (CWE-307) and carries a CVSS 4.0 base score of 8.7 reflecting high confidentiality impact; no public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Information Disclosure Nexus Repository Manager
NVD VulDB
EPSS 0% CVSS 5.9
MEDIUM This Month

Use of Hard-coded Credentials vulnerability in Sonatype Nexus Repository has been discovered in the code responsible for encrypting any secrets stored in the Nexus Repository configuration database. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Nexus Repository Manager
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Sonatype Nexus Repository Manager 3.x before 3.38.0 allows SSRF. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Nexus Repository Manager
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Sonatype Nexus Repository Manager 3.x before 3.36.0 allows a remote authenticated attacker to potentially perform network enumeration via Server Side Request Forgery (SSRF). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Nexus Repository Manager
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Sonatype Nexus Repository Manager 3.x through 3.35.0 allows attackers to access the SSL Certificates Loading function via a low-privileged account. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Nexus Repository Manager
NVD
EPSS 24% CVSS 5.4
MEDIUM This Month

Multiple XSS issues exist in Sonatype Nexus Repository Manager 3 before 3.33.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Nexus Repository Manager
NVD
EPSS 4% CVSS 4.3
MEDIUM PATCH This Month

Sonatype Nexus Repository Manager 3.x before 3.31.0 allows a remote authenticated attacker to get a list of blob files and read the content of a blob file (via a GET request) without having been. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Nexus Repository Manager
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

A cross-site scripting (XSS) vulnerability has been discovered in Nexus Repository Manager 3.x before 3.30.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Nexus Repository Manager
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

Sonatype Nexus Repository Manager 3.x before 3.30.1 allows a remote attacker to get a list of files and directories that exist in a UI-related folder via directory traversal (no customer-specific. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Nexus Repository Manager
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Sonatype Nexus Repository Manager 3.x before 3.29.0 allows a user with admin privileges to configure the system to gain access to content outside of NXRM via an XXE vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Nexus Repository Manager
NVD
EPSS 3% CVSS 8.6
HIGH PATCH This Week

A Directory Traversal issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.19. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Nexus Repository Manager
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Sonatype Nexus Repository Manager OSS/Pro before 3.26.0 has Incorrect Access Control. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nexus Repository Manager
NVD
EPSS 1% CVSS 4.9
MEDIUM PATCH This Month

An issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.17 and 3.x before 3.22.1. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Nexus Repository Manager
NVD
EPSS 6% CVSS 7.2
HIGH PATCH This Week

There is an OS Command Injection in Nexus Repository Manager <= 2.14.14 (bypass CVE-2019-5475) that could allow an attacker a Remote Code Execution (RCE). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Java RCE Command Injection +1
NVD
EPSS 3% CVSS 7.2
HIGH PATCH This Week

Sonatype Nexus Repository Manager 2.x before 2.14.15 and 3.x before 3.19, and IQ Server before 72, has remote code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE Nexus Iq Server +1
NVD
EPSS 2% CVSS 7.2
HIGH This Week

Sonatype Nexus Repository Manager 2.x before 2.14.15 allows Remote Code Execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Nexus Repository Manager
NVD
EPSS 18% CVSS 8.8
HIGH POC PATCH THREAT This Week

The Nexus Yum Repository Plugin in v2 is vulnerable to Remote Code Execution when instances using CommandLineExecutor.java are supplied vulnerable data, such as the Yum Configuration Capability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE Command Injection +1
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

In Nexus Repository Manager before 3.18.0, users with elevated privileges can create stored XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Nexus Repository Manager
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Sonatype Nexus Repository Manager before 3.17.0 has a weak default of giving any unauthenticated user read permissions on the repository files and images. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Nexus Repository Manager
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Sonatype Nexus Repository Manager before 3.17.0 establishes a default administrator user with weak defaults (fixed credentials). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Nexus Repository Manager
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Sonatype Nexus Repository Manager 2.x before 2.14.13 allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Nexus Repository Manager
NVD
EPSS 77% CVSS 9.8
CRITICAL POC KEV THREAT Act Now

Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nexus Repository Manager
NVD
EPSS 2% CVSS 7.2
HIGH POC PATCH This Week

Sonatype Nexus Repository Manager before 3.14 allows Java Expression Language Injection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Java Code Injection Nexus Repository Manager
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

Sonatype Nexus Repository Manager before 3.14 has Incorrect Access Control. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Nexus Repository Manager
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Sonatype Nexus Repository Manager before 3.14 allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Nexus Repository Manager
NVD
EPSS 1% CVSS 4.8
MEDIUM This Month

Sonatype Nexus Repository Manager versions 3.x before 3.12.0 has XSS in multiple areas in the Administration UI. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Nexus Repository Manager
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 2.x before 2.14.6 allow remote attackers to inject arbitrary web script or HTML via (1) the repoId. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload XSS Nexus Repository Manager
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 3.x before 3.8 allow remote attackers to inject arbitrary web script or HTML via (1) the repoId or. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload XSS Nexus Repository Manager
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Sonatype Nexus Repository Manager through 2.14.5 has weak password encryption with a hardcoded CMMDwoV value in the LDAP integration feature. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nexus Repository Manager
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy