WEB APPLICATION VULNERABILITIES Standard & Premium

Nexus Repository Manager Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-12100)

Description

Sonatype Nexus Repository Manager versions 3.x before 3.12.0 has XSS in multiple areas in the Administration UI.

Remediation

References

Related Vulnerabilities

Magento Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2020-9576)

WordPress Plugin Manual Image Crop Cross-Site Scripting (1.10)

SharePoint Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-1450)

SharePoint CVE-2023-36764 Vulnerability (CVE-2023-36764)

WordPress Plugin WooCommerce EnvioPack Cross-Site Scripting (1.2)

Severity

Medium

Classification

CVE-2018-12100 CWE-707 CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities