Description
In Apache NiFi before 0.7.4 and 1.x before 1.3.0, there are certain user input components in the UI which had been guarding for some forms of XSS issues but were insufficient.
Remediation
References
http://www.securityfocus.com/bid/99009
https://lists.apache.org/thread.html/d779d6129de1a5aa149c219b2fc6e9e78156614eaac92a89cbaf9bce%40%3Cdev.nifi.apache.org%3E
Related Vulnerabilities
CVE-2023-40350 Vulnerability in maven package org.jenkins-ci.plugins:docker-swarm
CVE-2018-5158 Vulnerability in maven package org.webjars.bowergithub.mozilla:pdfjs-dist
CVE-2022-23913 Vulnerability in maven package org.apache.activemq:artemis-core-client