CNNVD-202512-492 Information
CNNVD ID
CNNVD-202512-492
Related CVE
- CNNVD Published: 2025-12-04
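Description (translated from Chinese)
Sonatype Nexus Repository is a repository manager from Sonatype, a US company, used mainly to manage, store and distribute software. Sonatype Nexus Repository contains a security vulnerability that stems from security headers not being applied to certain user-uploaded content, which may lead to stored cross-site scripting attacks.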
Description (English)
Sonatype Nexus Repository is a repository manager from Sonatype, a US company, used mainly to manage, store and distribute software. Sonatype Nexus Repository contains a security vulnerability: security headers are not applied to certain user-uploaded content, which may result in stored cross-site scripting (XSS) attacks.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Sonatype
Published
2025-12-04
Last Modified
2026-02-24
References
https://help.sonatype.com/en/sonatype-nexus-repository-3-87-0-release-notes.html
https://support.sonatype.com/hc/en-us/articles/46896142768019
https://access.redhat.com/security/cve/cve-2025-13488
https://vigilance.fr/vulnerability/Sonatype-Nexus-Repository-Cross-Site-Scripting-via-Uploaded-Content-49083
Patch
https://support.sonatype.com/hc/en-us/articles/46896142768019