HTML Injection Vulnerability in Sonatype Nexus Repository Manager
CVE-2021-43961

4.3MEDIUM

Key Information:

Vendor: Sonatype
Status: Nexus Repository Manager
Vendor: CVE Published:; 17 March 2022

What is CVE-2021-43961?

In Sonatype Nexus Repository Manager version 3.36.0, there is a vulnerability that allows attackers to perform HTML injection. This can lead to unauthorized actions and potentially compromise the integrity of the application. Proper validation of user input is essential to prevent these types of vulnerabilities, ensuring that any HTML or script code cannot be executed in a malicious context. Users are encouraged to upgrade to secure versions and review the security implications of running vulnerable versions.

References

https://issues.sonatype.org/secure/ReleaseNote.jspa

x_refsource_MISC

https://support.sonatype.com/hc/en-us/articles/4412183372307

x_refsource_MISC

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 17, 2022
Vulnerability Reserved
Nov 17, 2021