What is CVE-2024-5083?

CVE-2024-5083 is a vulnerability in Sonatype Nexus Repository, classified under Cross-site Scripting. Published 2024-11-14.

Is CVE-2024-5083 known to be exploited?

4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

XSS in Sonatype Nexus Repository

CVE-2024-5083

A stored Cross-site Scripting vulnerability has been discovered in Sonatype Nexus Repository 2 This issue affects Nexus Repository 2 OSS/Pro versions up to and including 2.15.1.

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.004 (61.4th percentile) — read the EPSS interpretation.

Affected products

Sonatype Nexus Repository — versions 2.0.0

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

Public proof-of-concept exploits

Roronoawjd/CVE-2024-5083
PuddinCat/GithubRepoSpider
nomi-sec/PoC-in-GitHub
zulloper/cve-poc

References

support.sonatype.com/hc/en-us/articles/30693989411987 (vendor-advisory)

Frequently asked questions

What is CVE-2024-5083?: CVE-2024-5083 is a vulnerability in Sonatype Nexus Repository, classified under Cross-site Scripting. Published 2024-11-14.
Is CVE-2024-5083 known to be exploited?: 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.