CVE-2021-29159

Name of the Vulnerable Software and Affected Versions: Nexus Repository Manager versions prior to 3.30.1

Description: A cross-site scripting (XSS) issue has been found. It allows an attacker with a local account to create entities with crafted properties. When an administrator views these entities, arbitrary JavaScript can be executed in the context of the NXRM application.

Recommendations: For versions prior to 3.30.1, update to version 3.30.1 or later to resolve the issue. As a temporary workaround, consider restricting access to entity creation for local accounts to minimize the risk of exploitation.