Security Advisory

CVE-2025-13488

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-12-04 18:16:56

Last updated 2025-12-04 20:00:41

Assigner Sonatype

State PUBLISHED

Description

Due to a regression introduced in version 3.83.0, a security header is no longer applied to certain user-uploaded content served from repositories. This may allow an authenticated attacker with repository upload privileges to exploit a stored cross-site scripting (XSS) vulnerability with user context.

← Browse all CVEs View on cve.org ↗