XSS in Sonatype Nexus Repository

CVE-2025-13488

Due to a regression introduced in version 3.83.0, a security header is no longer applied to certain user-uploaded content served from repositories. This may allow an authenticated attacker with repository upload privileges to exploit a sto…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.001 (18.7th percentile) — read the EPSS interpretation.