PT-2026-39723 · Sonatype · Nexus Repository
Ky0Tofu
·
Published
2026-05-11
·
Updated
2026-05-11
·
CVE-2026-7308
CVSS v4.0
5.1
Medium
| Vector | AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
Name of the Vulnerable Software and Affected Versions
Sonatype Nexus Repository versions 3.6.0 through 3.91.0
Description
An authenticated user with upload permissions to a hosted repository can store content that triggers arbitrary JavaScript execution in the browser of any user viewing that repository directory through the HTML index page. This allows an attacker to perform actions within the context of the victim's session.
Recommendations
Update to version 3.92.0 or later.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Nexus Repository