Vulnerabilities > Sonatype > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-17 | CVE-2020-29436 | XXE vulnerability in Sonatype Nexus Repository Manager Sonatype Nexus Repository Manager 3.x before 3.29.0 allows a user with admin privileges to configure the system to gain access to content outside of NXRM via an XXE vulnerability. | 6.5 |
| 2020-08-25 | CVE-2020-24622 | Insufficiently Protected Credentials vulnerability in Sonatype Nexus In Sonatype Nexus Repository 3.26.1, an S3 secret key can be exposed by an admin user. | 4.9 |
| 2020-07-31 | CVE-2020-15870 | Cross-site Scripting vulnerability in Sonatype Nexus Repository Manager 3 Sonatype Nexus Repository Manager OSS/Pro versions before 3.25.1 allow XSS (Issue 2 of 2). | 6.1 |
| 2020-07-31 | CVE-2020-15869 | Cross-site Scripting vulnerability in Sonatype Nexus Repository Manager 3 Sonatype Nexus Repository Manager OSS/Pro versions before 3.25.1 allow XSS (issue 1 of 2). | 5.4 |
| 2020-04-27 | CVE-2020-11415 | Cleartext Storage of Sensitive Information vulnerability in Sonatype Nexus Repository Manager An issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.17 and 3.x before 3.22.1. | 4.9 |
| 2020-04-01 | CVE-2020-10203 | Cross-site Scripting vulnerability in Sonatype Nexus Sonatype Nexus Repository before 3.21.2 allows XSS. | 4.8 |
| 2019-08-22 | CVE-2019-14469 | Cross-site Scripting vulnerability in Sonatype Nexus Repository Manager In Nexus Repository Manager before 3.18.0, users with elevated privileges can create stored XSS. | 5.4 |
| 2019-05-07 | CVE-2019-11629 | Cross-site Scripting vulnerability in Sonatype Nexus Repository Manager Sonatype Nexus Repository Manager 2.x before 2.14.13 allows XSS. | 6.1 |
| 2018-11-15 | CVE-2018-16619 | Cross-site Scripting vulnerability in Sonatype Nexus Repository Manager Sonatype Nexus Repository Manager before 3.14 allows XSS. | 6.1 |
| 2018-06-11 | CVE-2018-12100 | Cross-site Scripting vulnerability in Sonatype Nexus Repository Manager Sonatype Nexus Repository Manager versions 3.x before 3.12.0 has XSS in multiple areas in the Administration UI. | 4.8 |