Vulnerability Database

314,615

Total vulnerabilities in the database

CVE-2025-13488

Due to a regression introduced in version 3.83.0, a security header is no longer applied to certain user-uploaded content served from repositories. This may allow an authenticated attacker with repository upload privileges to exploit a stored cross-site scripting (XSS) vulnerability with user context.

Published: Dec 4, 2025
Updated: Dec 5, 2025
CVE: CVE-2025-13488
Exploit:

No technical information available.

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

No affected software listed.

https://help.sonatype.com/en/sonatype-nexus-repository-3-87-0-release-notes.html
https://support.sonatype.com/hc/en-us/articles/46896142768019

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo