Medium severityNVD Advisory· Published May 11, 2026· Updated May 13, 2026
CVE-2026-7308
CVE-2026-7308
Description
An authenticated user with upload permission to a hosted repository can store content that causes arbitrary JavaScript to execute in the browser of any user who browses that repository directory via the HTML index page in Sonatype Nexus Repository versions 3.6.0 through versions before 3.92.0. This could allow the attacker to perform actions in the context of the victim's session.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: >=3.6.0, <3.92.0
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.