VYPR

Nexus Repository Manager OSS/Pro

by Sonatype

CVEs (34)

  • CVE-2018-5306MedFeb 9, 2018
    risk 0.40cvss 6.1epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 3.x before 3.8 allow remote attackers to inject arbitrary web script or HTML via (1) the repoId or (2) format parameter to service/siesta/healthcheck/healthCheckFileDetail/.../inde…

  • CVE-2021-37152MedAug 10, 2021
    risk 0.37cvss 5.4epss 0.24

    Multiple XSS issues exist in Sonatype Nexus Repository Manager 3 before 3.33.0. An authenticated attacker with the ability to add HTML files to a repository could redirect users to Nexus Repository Manager’s pages with code modifications.

  • CVE-2021-30635MedApr 27, 2021
    risk 0.35cvss 5.3epss 0.02

    Sonatype Nexus Repository Manager 3.x before 3.30.1 allows a remote attacker to get a list of files and directories that exist in a UI-related folder via directory traversal (no customer-specific data is exposed).

  • CVE-2020-15869MedJul 31, 2020
    risk 0.35cvss 5.4epss 0.01

    Sonatype Nexus Repository Manager OSS/Pro versions before 3.25.1 allow XSS (issue 1 of 2).

  • CVE-2019-14469MedAug 22, 2019
    risk 0.35cvss 5.4epss 0.01

    In Nexus Repository Manager before 3.18.0, users with elevated privileges can create stored XSS.

  • CVE-2021-29158MedApr 23, 2021
    risk 0.32cvss 4.9epss 0.01

    Sonatype Nexus Repository Manager 3 Pro up to and including 3.30.0 has Incorrect Access Control.

  • CVE-2020-11415MedApr 27, 2020
    risk 0.32cvss 4.9epss 0.01

    An issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.17 and 3.x before 3.22.1. Admin users can retrieve the LDAP server system username/password (as configured in nxrm) in cleartext.

  • CVE-2018-12100MedJun 11, 2018
    risk 0.31cvss 4.8epss 0.01

    Sonatype Nexus Repository Manager versions 3.x before 3.12.0 has XSS in multiple areas in the Administration UI.

  • CVE-2022-27907MedMar 30, 2022
    risk 0.28cvss 4.3epss 0.01

    Sonatype Nexus Repository Manager 3.x before 3.38.0 allows SSRF.

  • CVE-2021-43961MedMar 17, 2022
    risk 0.28cvss 4.3epss 0.01

    Sonatype Nexus Repository Manager 3.36.0 allows HTML Injection.

  • CVE-2021-43293MedNov 4, 2021
    risk 0.28cvss 4.3epss 0.01

    Sonatype Nexus Repository Manager 3.x before 3.36.0 allows a remote authenticated attacker to potentially perform network enumeration via Server Side Request Forgery (SSRF).

  • CVE-2021-42568MedNov 2, 2021
    risk 0.28cvss 4.3epss 0.00

    Sonatype Nexus Repository Manager 3.x through 3.35.0 allows attackers to access the SSL Certificates Loading function via a low-privileged account.

  • CVE-2021-34553MedJun 18, 2021
    risk 0.28cvss 4.3epss 0.04

    Sonatype Nexus Repository Manager 3.x before 3.31.0 allows a remote authenticated attacker to get a list of blob files and read the content of a blob file (via a GET request) without having been granted access.

  • CVE-2026-10741Jun 17, 2026
    risk 0.00cvss epss 0.00

    Sonatype Nexus Repository Manager before 3.93.0 contains an authorization vulnerability in the proxy repository configuration that allows a delegated repository administrator to disclose stored upstream proxy credentials.

Page 2 of 2