Arbitrary JavaScript Execution via Crafted Properties in Nexus Repository Manager 3.x before 3.30.1

CVE-2021-29159 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

A cross-site scripting (XSS) vulnerability has been discovered in Nexus Repository Manager 3.x before 3.30.1. An attacker with a local account can create entities with crafted properties that, when viewed by an administrator, can execute arbitrary JavaScript in the context of the NXRM application.
