WEB APPLICATION VULNERABILITIES Standard & Premium

Nexus Repository Manager Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-12100)

Description

Sonatype Nexus Repository Manager versions 3.x before 3.12.0 has XSS in multiple areas in the Administration UI.

Remediation

References

Related Vulnerabilities

TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-8756)

WordPress Plugin Timeline Calendar SQL Injection (1.2)

Joomla! Core Denial of Service (2.5.0 - 3.9.27)

MySQL CVE-2013-5807 Vulnerability (CVE-2013-5807)

YetiForce CRM Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2022-1411)

Severity

Medium

Classification

CVE-2018-12100 CWE-707 CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities