First published: Thu Mar 17 2022(Updated: )
Sonatype Nexus Repository Manager 3.36.0 allows HTML Injection.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Sonatype Nexus Repository Manager | >=3.0.0<3.38.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2021-43961.
The severity of CVE-2021-43961 is medium with a CVSS score of 4.3.
Sonatype Nexus Repository Manager versions between 3.0.0 and 3.38.0 are affected.
The CWE associated with CVE-2021-43961 is CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')).
To fix CVE-2021-43961, it is recommended to upgrade to a version of Sonatype Nexus Repository Manager that is not affected by the vulnerability.