CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2019-14469
https://notcve.org/view.php?id=CVE-2019-14469
In Nexus Repository Manager before 3.18.0, users with elevated privileges can create stored XSS. En Nexus Repository Manager versiones anteriores a 3.18.0, los usuarios con privilegios elevados pueden crear un ataque de tipo XSS almacenado. • https://support.sonatype.com/hc/en-us/articles/360033999733-CVE-2019-14469-Nexus-Repository-Manager-3-Cross-Site-Scripting-XSS-2019-07-26 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-9630
https://notcve.org/view.php?id=CVE-2019-9630
Sonatype Nexus Repository Manager before 3.17.0 has a weak default of giving any unauthenticated user read permissions on the repository files and images. Sonatype Nexus Repository Manager anterior a versión 3.17.0, presenta una debilidad por defecto de otorgar a cualquier usuario no identificado permisos de lectura en los archivos e imágenes del repositorio. • https://www.twistlock.com/labs-blog/vulnerabilities-nexus-repository-left-thousands-artifacts-exposed • CWE-276: Incorrect Default Permissions •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-9629
https://notcve.org/view.php?id=CVE-2019-9629
Sonatype Nexus Repository Manager before 3.17.0 establishes a default administrator user with weak defaults (fixed credentials). Sonatype Nexus Repository Manager anterior a versión 3.17.0, establece un usuario administrador por defecto con valores predeterminados débiles (credenciales fijas). • https://www.twistlock.com/labs-blog/vulnerabilities-nexus-repository-left-thousands-artifacts-exposed • CWE-287: Improper Authentication •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-11629
https://notcve.org/view.php?id=CVE-2019-11629
Sonatype Nexus Repository Manager 2.x before 2.14.13 allows XSS. Sonatype Nexus Repository Manager 2.x anteriores a 2.14.13 permiten Corss-Site Scripting (XSS) • https://support.sonatype.com/hc/en-us/articles/360022528733-CVE-2019-11629-Nexus-Repository-Manager-2-Cross-Site-Scripting-XSS-2019-05-02 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-16619
https://notcve.org/view.php?id=CVE-2018-16619
Sonatype Nexus Repository Manager before 3.14 allows XSS. Sonatype Nexus Repository Manager en versiones anteriores a la 3.14 permite Cross-Site Scripting (XSS). • https://support.sonatype.com/hc/en-us/articles/360010789893-CVE-2018-16619-Nexus-Repository-Manager-XSS-October-17-2018 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •