CVE-2018-5306 is a vulnerability in Sonatype Nexus Repository Manager
Published on February 9, 2018

Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 3.x before 3.8 allow remote attackers to inject arbitrary web script or HTML via (1) the repoId or (2) format parameter to service/siesta/healthcheck/healthCheckFileDetail/.../index.html; (3) the filename in the "File Upload" functionality of the Staging Upload; (4) the username when creating a new user; or (5) the IQ Server URL field in the IQ Server Connection functionality.

NVD


Products Associated with CVE-2018-5306


Exploit Probability

EPSS: 0.33%
Percentile: 55.76%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.