Vulnerability Description
A cross-site scripting (XSS) vulnerability has been discovered in Nexus Repository Manager 3.x before 3.30.1. An attacker with a local account can create entities with crafted properties that, when viewed by an administrator, can execute arbitrary JavaScript in the context of the NXRM application.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sonatype | Nexus Repository Manager | >= 3.23.0, < 3.30.1 |
Related Weaknesses (CWE)
References
- https://support.sonatype.com/hc/en-us/articles/1500005031082 (Vendor Advisory)
- https://support.sonatype.com/hc/en-us/categories/201980768-Welcome-to-the-Sonaty (Vendor Advisory)
FAQ
What is CVE-2021-29159?
CVE-2021-29159 is a vulnerability with a CVSS score of 6.1 (MEDIUM). A cross-site scripting (XSS) vulnerability has been discovered in Nexus Repository Manager 3.x before 3.30.1. An attacker with a local account can create entities with crafted properties that, when vi...
How severe is CVE-2021-29159?
CVE-2021-29159 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-29159?
Check the references section above for vendor advisories and patch information. Affected products include: Sonatype Nexus Repository Manager.