漏洞描述 Sonatype Nexus Repository Manager中报告了一个存储的跨站点脚本漏洞。该漏洞是由于Java类ContentSelectorsApiResource中的输入验证不足所致。
相关漏洞推荐 POC CVE-2019-7238: Sonatype Nexus Repository Manager <3.15.0 - Remote Code Execution POC CVE-2020-10199: Sonatype Nexus Repository Manager 3 - Remote Code Execution POC CVE-2024-4956: Sonatype Nexus Repository Manager 3 - Local File Inclusion Sonatype Nexus Repository 3 CVE-2024-4956 目录遍历漏洞 Sonatype Nexus Repository Manager 文件读取漏洞(CVE-2024-4956)