Bugtraq: SEC Consult SA-20180208-0 :: Multiple Cross-Site Scripting...

SEC Consult Vulnerability Lab Security Advisory
=======================================================================
title: Multiple Cross-Site Scripting Vulnerabilities
product: Sonatype Nexus Repository Manager OSS/Pro
vulnerable version: sectest

Vulnerable parameters:
-) repoId
-) format

2) Stored XSS vulnerabilities

***Please note that only users with access to the respective functionalities are susceptive to the following stored XSS vulnerabilities.***

2.1) The staging upload allows an attacker to upload a file, which contains a JavaScript payload in the filename.

Read more at Security Focus.