CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-11629
https://notcve.org/view.php?id=CVE-2019-11629
Sonatype Nexus Repository Manager 2.x before 2.14.13 allows XSS. Sonatype Nexus Repository Manager 2.x anteriores a 2.14.13 permiten Corss-Site Scripting (XSS) • https://support.sonatype.com/hc/en-us/articles/360022528733-CVE-2019-11629-Nexus-Repository-Manager-2-Cross-Site-Scripting-XSS-2019-05-02 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-16619
https://notcve.org/view.php?id=CVE-2018-16619
Sonatype Nexus Repository Manager before 3.14 allows XSS. Sonatype Nexus Repository Manager en versiones anteriores a la 3.14 permite Cross-Site Scripting (XSS). • https://support.sonatype.com/hc/en-us/articles/360010789893-CVE-2018-16619-Nexus-Repository-Manager-XSS-October-17-2018 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2018-16621
https://notcve.org/view.php?id=CVE-2018-16621
Sonatype Nexus Repository Manager before 3.14 allows Java Expression Language Injection. Sonatype Nexus Repository Manager en versiones anteriores a la 3.14 permite la inyección de lenguaje de expresiones Java. • https://securitylab.github.com/advisories/GHSL-2020-015-nxrm-sonatype https://support.sonatype.com/hc/en-us/articles/360010789153-CVE-2018-16621-Nexus-Repository-Manager-Java-Injection-October-17-2018 • CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-16620
https://notcve.org/view.php?id=CVE-2018-16620
Sonatype Nexus Repository Manager before 3.14 has Incorrect Access Control. Sonatype Nexus Repository Manager en versiones anteriores a la 3.14 tiene un control de acceso incorrecto. • https://support.sonatype.com/hc/en-us/articles/360010789453-CVE-2018-16620-Nexus-Repository-Manager-Missing-Access-Controls-October-17-2018 • CWE-863: Incorrect Authorization •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-12100
https://notcve.org/view.php?id=CVE-2018-12100
Sonatype Nexus Repository Manager versions 3.x before 3.12.0 has XSS in multiple areas in the Administration UI. Sonatype Nexus Repository Manager, en versiones 3.x anteriores a la 3.12.0, tiene Cross-Site Scripting (XSS) en múltiples áreas de la interfaz de usuario de Administración. • https://community.sonatype.com/t/repository-manager-3-12-0-released/31 https://issues.sonatype.org/plugins/servlet/mobile#issue/NEXUS-16870 https://issues.sonatype.org/secure/ReleaseNote.jspa?version=17493&projectId=10001 https://support.sonatype.com/hc/en-us/articles/360018565994-CVE-2018-12100-Nexus-Repository-Manager-3-Cross-Site-Scripting-XSS-June-4th-2018 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •