XSS in Sonatype Nexus Repository

CVE-2026-7308

An authenticated user with upload permission to a hosted repository can store content that causes arbitrary JavaScript to execute in the browser of any user who browses that repository directory via the HTML index page in Sonatype Nexus Re…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.001 (16.7th percentile)

Affected products

Weakness classification (CWE)

References