Medium severity6.1NVD Advisory· Published Feb 9, 2018· Updated Jun 17, 2026
CVE-2018-5306
CVE-2018-5306
Description
Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 3.x before 3.8 allow remote attackers to inject arbitrary web script or HTML via (1) the repoId or (2) format parameter to service/siesta/healthcheck/healthCheckFileDetail/.../index.html; (3) the filename in the "File Upload" functionality of the Staging Upload; (4) the username when creating a new user; or (5) the IQ Server URL field in the IQ Server Connection functionality.
Affected products
2- Range: <3.8
Patches
Vulnerability mechanics
References
3- www.sec-consult.com/en/blog/advisories/multiple-cross-site-scripting-vulnerabilities-in-sonatype-nexus-repository-manager-oss-pro/index.htmlnvdExploitThird Party Advisory
- seclists.org/fulldisclosure/2018/Feb/23nvdMailing ListThird Party Advisory
- support.sonatype.com/hc/en-us/articles/360000134968nvdVendor Advisory
News mentions
0No linked articles in our index yet.