CVE-2021-37152

MEDIUM

Sonatype Nexus Repository Manager < 3.33.0 - XSS

Title source: rule

Description

Multiple XSS issues exist in Sonatype Nexus Repository Manager 3 before 3.33.0. An authenticated attacker with the ability to add HTML files to a repository could redirect users to Nexus Repository Manager’s pages with code modifications.

Exploits (2)

nomisec WORKING POC

by SecurityAnalysts · poc

https://github.com/SecurityAnalysts/CVE-2021-37152

View Code ZIP pw:eip

inthewild

poc

https://github.com/lhashashinl/cve-2021-37152

View on inthewild

References (2)

[Vendor Advisory] https://support.sonatype.com

[Vendor Advisory] https://support.sonatype.com/hc/en-us/articles/4404115639827

Scores

CVSS v3 5.4

EPSS 0.0321

EPSS Percentile 87.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

sonatype/nexus_repository_manager 3.0.0 - 3.33.0

Published Aug 10, 2021

Tracked Since Feb 18, 2026