CVE-2021-43961: 
Sonatype Nexus 3 vulnerability analysis and mitigation

Sonatype Nexus Repository Manager 3.x through version 3.37.3 was discovered to contain an HTML injection vulnerability (CVE-2021-43961). The vulnerability was disclosed on March 2, 2022, affecting all versions up to and including 3.37.3 (Sonatype Advisory, NVD).

The vulnerability allows remote attackers to perform HTML injection by sending specially crafted URL requests that can alter the displayed HTML view. The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N, indicating network accessibility with low attack complexity but requiring user interaction (Sonatype Advisory).

If successfully exploited, an attacker can inject and manipulate HTML content in the application's interface, potentially leading to modified display content. The vulnerability requires user interaction, as the attacker must convince a victim to open a specially crafted URL (Sonatype Advisory).

The vulnerability has been fixed in Nexus Repository Manager version 3.38.0 and later. Organizations are strongly recommended to upgrade all instances of Nexus Repository 3 to version 3.38.0 or later to address this security issue (Sonatype Advisory).

The vulnerability was discovered and reported by Michael Bain and the ATT Security Team, demonstrating active security research and responsible disclosure practices in the industry (Sonatype Advisory).