[NEXUS-23148] CVE-2020-10203 - Cross Site Scripting (XSS) - Sonatype JIRA

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 3.21.2
Component/s: Security
Labels:

Release Note:

Yes

Description

An attacker with elevated privileges can create entities with specially crafted properties which when viewed by another user can execute arbitrary JavaScript in the context of the NXRM application.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Dawid Sawa

Last Updated By:: Michael Prescott

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 03/13/20 03:03 PM

Updated:: 04/23/21 06:11 PM

Resolved:: 03/27/20 02:20 PM