Description

In Apache NiFi before 0.7.4 and 1.x before 1.3.0, there are certain user input components in the UI which had been guarding for some forms of XSS issues but were insufficient.

Remediation

References

http://www.securityfocus.com/bid/99009

https://lists.apache.org/thread.html/d779d6129de1a5aa149c219b2fc6e9e78156614eaac92a89cbaf9bce%40%3Cdev.nifi.apache.org%3E

Related Vulnerabilities

CVE-2023-51075 Vulnerability in maven package cn.hutool:hutool-core

CVE-2017-7556 Vulnerability in maven package io.hawt:project

CVE-2021-21423 Vulnerability in npm package projen

CVE-2020-7793 Vulnerability in maven package org.webjars.bowergithub.faisalman:ua-parser-js

CVE-2019-12415 Vulnerability in maven package org.apache.poi:poi-ooxml

Severity

High

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Third Party Advisory VDB Entry