CVE-2021-43961: XSS
First published: Thu Mar 17 2022(Updated: )
Sonatype Nexus Repository Manager 3.36.0 allows HTML Injection.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sonatype Nexus Repository Manager | >=3.0.0<3.38.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Sonatype Nexus Repository Manager issue?
The vulnerability ID is CVE-2021-43961.
What is the severity of CVE-2021-43961?
The severity of CVE-2021-43961 is medium with a CVSS score of 4.3.
What is the affected software version for CVE-2021-43961?
Sonatype Nexus Repository Manager versions between 3.0.0 and 3.38.0 are affected.
What is the CWE associated with CVE-2021-43961?
The CWE associated with CVE-2021-43961 is CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')).
How can I fix CVE-2021-43961 in Sonatype Nexus Repository Manager?
To fix CVE-2021-43961, it is recommended to upgrade to a version of Sonatype Nexus Repository Manager that is not affected by the vulnerability.
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/tags
- agent/description
- agent/type
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- vendor/sonatype
- canonical/sonatype nexus repository manager
- version/sonatype nexus repository manager/3.0.0