Cross-Site Scripting Vulnerability in Sonatype Nexus Repository Manager
CVE-2020-15869

5.4MEDIUM

Key Information:

Vendor

Sonatype

Status
Nexus Repository Manager 3
Vendor
CVE Published:
31 July 2020

What is CVE-2020-15869?

An XSS vulnerability exists in Sonatype Nexus Repository Manager OSS/Pro versions prior to 3.25.1. This flaw enables an attacker to inject malicious scripts into web pages viewed by other users, potentially compromising user sessions or sensitive data. Users of affected versions should upgrade to the latest release to mitigate risks associated with this security issue.

References

https://support.sonatype.com
x_refsource_MISC
https://support.sonatype.com/hc/en-us/articles/360051424554
x_refsource_CONFIRM

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.