virus logo Intrusion Prevention

Nexus.Repository.Manager.ContentSelectorsApiResource.Stored.XSS

description-logoDescription

This indicates an attack attempt to exploit an Input Validation Error Vulnerability in Sonatype Nexus Repository Manager.
The vulnerability is due to insufficient input validation in the Java class ContentSelectorsApiResource. A remote authenticated attacker can exploit this vulnerability by sending a crafted request to the server. Successful exploitation could result in the execution of script code in the security context of the the target user's browser.

affected-products-logoAffected Products

Sonatype Nexus Repository Manager 3.x prior to 3.21.2

Impact logoImpact

System Compromise: Remote attackers can execute arbitrary script code in the context of the affected application.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://support.sonatype.com/hc/en-us/articles/360044361594-CVE-2020-10203-Nexus-Repository-Manager-3-Cross-Site-Scripting-XSS-2020-03-31

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2023-12-20 26.700 Sig Added
2020-05-11 15.841 Default_action:pass:drop
2020-04-30 15.831
ID 48937
Created Apr 30, 2020
Updated Dec 20, 2023
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon
CVE ID CVE-2020-10203
Exploit Prediction Score 0.16%
Default Action drop
Active
Affected OS Windows, Linux, MacOS
Affected App Other