CVE-2026-3438

MEDIUM

Nexus Repository 3 - Reflected Cross-Site Scripting (XSS) in ?describe Pages

Title source: cna

Description

A reflected cross-site scripting vulnerability exists in Sonatype Nexus Repository versions 3.0.0 through 3.90.2 that allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser through a specially crafted URL. Exploitation requires user interaction.

References (2)

Scores

CVSS v4 5.1
EPSS 0.0030
EPSS Percentile 53.6%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N

Details

CWE
CWE-79
Status published
Products (1)
Sonatype/Nexus Repository 3.0.0 - 3.91.0
Published Apr 08, 2026
Tracked Since Apr 09, 2026