CVE-2021-29159: XSS
First published: Wed Apr 28 2021(Updated: )
A cross-site scripting (XSS) vulnerability has been discovered in Nexus Repository Manager 3.x before 3.30.1. An attacker with a local account can create entities with crafted properties that, when viewed by an administrator, can execute arbitrary JavaScript in the context of the NXRM application.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sonatype Nexus Repository Manager | >=3.23.0<3.30.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-29159?
CVE-2021-29159 is a cross-site scripting (XSS) vulnerability in Nexus Repository Manager 3.x before version 3.30.1.
How does CVE-2021-29159 affect Nexus Repository Manager?
CVE-2021-29159 allows an attacker with a local account to create entities with crafted properties that, when viewed by an administrator, can execute arbitrary JavaScript in the context of the NXRM application.
What is the severity of CVE-2021-29159?
The severity of CVE-2021-29159 is classified as medium with a CVSS score of 6.1.
How can I fix CVE-2021-29159?
To fix CVE-2021-29159, you should update Nexus Repository Manager to version 3.30.1 or newer.
Where can I find more information about CVE-2021-29159?
You can find more information about CVE-2021-29159 in the Sonatype Support Knowledge Base.
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/tags
- agent/type
- agent/description
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- vendor/sonatype
- canonical/sonatype nexus repository manager
- version/sonatype nexus repository manager/3.23.0