Persistent Cross-Site Scripting
Nexus Repository Manager
Escape content selector names when rendered by the front-end
Coordinated Disclosure Timeline
- 02/03/2020: Report sent to Vendor
- 02/03/2020: Sonatype acknowledged report
- 02/14/2020: Sonatype raises questions about some of the issues
- 02/17/2020: GHSL answers Sonatype questions
- 02/19/2020: Sonatype agrees with GHSL comments
This issue was discovered and reported by GHSL team member @pwntester (Alvaro Muñoz).
You can contact the GHSL team at email@example.com. Please include GHSL-2020-016 in any communication regarding this issue.