WEB APPLICATION VULNERABILITIES Standard & Premium

Nexus Repository Manager Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-29159)

Description

A cross-site scripting (XSS) vulnerability has been discovered in Nexus Repository Manager 3.x before 3.30.1. An attacker with a local account can create entities with crafted properties that, when viewed by an administrator, can execute arbitrary JavaScript in the context of the NXRM application.

Remediation

References

Related Vulnerabilities

WordPress Plugin Sharebar Cross-Site Scripting and SQL Injection Vulnerabilities (1.2.1)

Oracle JRE CVE-2017-10309 Vulnerability (CVE-2017-10309)

WordPress Plugin Virtue/Pinnacle ToolKit Unspecified Vulnerability (2.5)

Ampache Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-41665)

WordPress Plugin Everest GPlaces Business Reviews includes Backdoor [Only if downloaded via the vendor website] (1.0.9)

Severity

Medium

Classification

CVE-2021-29159 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities