Sonatype.Nexus.Repository.Manager.CVE-2021-37152.XSS
Description
This indicates an attack attempt to exploit a Cross-Site Scripting Vulnerability in Sonatype Nexus Repository Manager.
The vulnerability is due to the rendering of web resources uploaded to Nexus repositories in the browser. A remote, authenticated attacker can exploit this vulnerability by sending a crafted request to the target server. Successful exploitation results in the execution of arbitrary code in the security context of the target user's browser.
Affected Products
Sonatype Nexus Repository Manager 3.x prior to 3.33.0
Impact
System Compromise: Remote attackers can execute arbitrary script code in the context of the affected application.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://support.sonatype.com/hc/en-us/articles/4404115639827
Coverage
IPS (Regular DB)
IPS (Extended DB)