CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-11629
https://notcve.org/view.php?id=CVE-2019-11629
Sonatype Nexus Repository Manager 2.x before 2.14.13 allows XSS. Sonatype Nexus Repository Manager 2.x anteriores a 2.14.13 permiten Corss-Site Scripting (XSS) • https://support.sonatype.com/hc/en-us/articles/360022528733-CVE-2019-11629-Nexus-Repository-Manager-2-Cross-Site-Scripting-XSS-2019-05-02 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 97%CPEs: 1EXPL: 3CVE-2019-7238 – Sonatype Nexus Repository Manager Incorrect Access Control Vulnerability
https://notcve.org/view.php?id=CVE-2019-7238
Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control. Sonatype Nexus Repository Manager, en versiones anteriores a la 3.15.0, tiene un control de acceso incorrecto. Sonatype Nexus Repository Manager before 3.15.0 has an incorrect access control vulnerability. Exploitation allows for remote code execution. • https://github.com/mpgn/CVE-2019-7238 https://github.com/jas502n/CVE-2019-7238 https://github.com/smallpiggy/CVE-2019-7238 https://support.sonatype.com/hc/en-us/articles/360017310793-CVE-2019-7238-Nexus-Repository-Manager-3-Missing-Access-Controls-and-Remote-Code-Execution-February-5th-2019 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-16619
https://notcve.org/view.php?id=CVE-2018-16619
Sonatype Nexus Repository Manager before 3.14 allows XSS. Sonatype Nexus Repository Manager en versiones anteriores a la 3.14 permite Cross-Site Scripting (XSS). • https://support.sonatype.com/hc/en-us/articles/360010789893-CVE-2018-16619-Nexus-Repository-Manager-XSS-October-17-2018 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2018-16621
https://notcve.org/view.php?id=CVE-2018-16621
Sonatype Nexus Repository Manager before 3.14 allows Java Expression Language Injection. Sonatype Nexus Repository Manager en versiones anteriores a la 3.14 permite la inyección de lenguaje de expresiones Java. • https://securitylab.github.com/advisories/GHSL-2020-015-nxrm-sonatype https://support.sonatype.com/hc/en-us/articles/360010789153-CVE-2018-16621-Nexus-Repository-Manager-Java-Injection-October-17-2018 • CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-16620
https://notcve.org/view.php?id=CVE-2018-16620
Sonatype Nexus Repository Manager before 3.14 has Incorrect Access Control. Sonatype Nexus Repository Manager en versiones anteriores a la 3.14 tiene un control de acceso incorrecto. • https://support.sonatype.com/hc/en-us/articles/360010789453-CVE-2018-16620-Nexus-Repository-Manager-Missing-Access-Controls-October-17-2018 • CWE-863: Incorrect Authorization •