Description
A cross-site scripting (XSS) vulnerability has been discovered in Nexus Repository Manager 3.x before 3.30.1. An attacker with a local account can create entities with crafted properties that, when viewed by an administrator, can execute arbitrary JavaScript in the context of the NXRM application.
Remediation
References
Related Vulnerabilities
WordPress Plugin MapSVG Lite Arbitrary File Disclosure (4.2.3.1)
WordPress Plugin Rating by BestWebSoft Cross-Site Scripting (0.1)
WordPress 5.3.x Multiple Vulnerabilities (5.3 - 5.3.14)
WordPress Plugin Share Buttons by AddThis Backdoor (2.1.2)
Envoy Proxy Use of Incorrectly-Resolved Name or Reference Vulnerability (CVE-2019-9901)