CVE-2018-12100: XSS
First published: Mon Jun 11 2018(Updated: )
Sonatype Nexus Repository Manager versions 3.x before 3.12.0 has XSS in multiple areas in the Administration UI.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sonatype Nexus Repository Manager | >=3.3.0<3.12.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://community.sonatype.com/t/repository-manager-3-12-0-released/31
- https://issues.sonatype.org/plugins/servlet/mobile#issue/NEXUS-16870
- https://issues.sonatype.org/secure/ReleaseNote.jspa?version=17493&projectId=10001
- https://support.sonatype.com/hc/en-us/articles/360018565994-CVE-2018-12100-Nexus-Repository-Manager-3-Cross-Site-Scripting-XSS-June-4th-2018
Frequently Asked Questions
What is Sonatype Nexus Repository Manager?
Sonatype Nexus Repository Manager is a software application used for managing and organizing software artifacts.
What is XSS?
XSS (Cross-Site Scripting) is a type of security vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users.
What is the severity of CVE-2018-12100?
The severity of CVE-2018-12100 is medium with a CVSS score of 4.8.
How does CVE-2018-12100 impact Sonatype Nexus Repository Manager?
CVE-2018-12100 allows for XSS attacks in multiple areas of the Administration UI in Sonatype Nexus Repository Manager.
How can I fix CVE-2018-12100?
To fix CVE-2018-12100, upgrade your Sonatype Nexus Repository Manager to version 3.12.0 or later.
- collector/nvd-index
- agent/severity
- agent/author
- agent/event
- agent/type
- agent/weakness
- agent/references
- agent/description
- agent/tags
- agent/last-modified-date
- agent/first-publish-date
- vendor/sonatype
- canonical/sonatype nexus repository manager
- version/sonatype nexus repository manager/3.3.0