Sonatype Nexus Repository 3 Reflected Cross-Site Scripting Vulnerability

Vulnerability

A reflected cross-site scripting vulnerability has been identified in Sonatype Nexus Repository 3, specifically in versions 3.82.0 through 3.87.1. This vulnerability allows unauthenticated attackers to execute arbitrary JavaScript in the browser of a victim who interacts with a crafted request. Exploitation requires user interaction, such as visiting a malicious page or clicking a link.

Impact

Exploitation of this vulnerability allows for reflected cross-site scripting, where an attacker can execute JavaScript in the context of the victim's browser. This could lead to stealing session information, performing actions on behalf of the user, or escalating privileges by creating administrative accounts.

Remediation

Users are advised to upgrade to Sonatype Nexus Repository version 3.88.0 or later. The latest version can be downloaded from the Sonatype Nexus Repository Manager 3 Download page.
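The version range above can be turned into an inventory check. The following is an added example, not code from Sonatype or from this advisory; it assumes each instance's version was collected as an HTTP `Server` banner of the form `Nexus/3.87.1-01 (OSS)` or as a bare version string, and the hostnames are constructed.

```python
import re

# Version boundaries taken from the advisory text.
AFFECTED_MIN = (3, 82, 0)
AFFECTED_MAX = (3, 87, 1)
FIXED_IN = (3, 88, 0)

# Assumed input format: optional "Nexus/" prefix, x.y.z, optional "-NN" build
# suffix, optional trailing edition text such as " (OSS)".
_BANNER_RE = re.compile(r"(?:Nexus/)?(\d+)\.(\d+)\.(\d+)(?:-\d+)?(?:\s.*)?")


def parse_version(text):
    """Return (major, minor, patch) as ints, or None if the text is not a Nexus version."""
    m = _BANNER_RE.fullmatch((text or "").strip())
    return tuple(int(p) for p in m.groups()) if m else None


def classify(text):
    """Map a banner or version string to a status relative to this advisory."""
    v = parse_version(text)
    if v is None:
        return "unknown"          # not parseable: needs manual review
    # Tuples compare numerically, so 3.9.0 sorts below 3.82.0 (a string compare would not).
    if AFFECTED_MIN <= v <= AFFECTED_MAX:
        return "affected"
    if v >= FIXED_IN:
        return "fixed"
    return "not-listed"           # outside the range the advisory names


def affected_hosts(inventory):
    """Return the sorted hostnames whose reported version is in the affected range."""
    return sorted(h for h, banner in inventory.items() if classify(banner) == "affected")


# Constructed sample inventory (hostnames and banners are illustrative only).
SAMPLE_INVENTORY = {
    "nexus-a.example.internal": "Nexus/3.87.1-01 (OSS)",
    "nexus-b.example.internal": "Nexus/3.88.0-03 (PRO)",
    "nexus-c.example.internal": "Nexus/3.9.0-01",
    "nexus-d.example.internal": "3.82.0",
    "proxy.example.internal": "nginx/1.25.3",
}

if __name__ == "__main__":
    for host, banner in sorted(SAMPLE_INVENTORY.items()):
        print(f"{host}: {classify(banner)}")
```

Hosts reported as `unknown` sit behind a proxy or hide the banner and need their version confirmed another way before being ruled out.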

Added: Jan 14, 2026, 10:27 PM
Updated: Jan 14, 2026, 10:27 PM

Vulnerability Rating

Custom Algorithm

spread: 6.2
impact: 1.7
exploitability: 6.0
remediation: 7.7
relevance: 2.1
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.