Description
In Apache NiFi before 0.7.4 and 1.x before 1.3.0, certain user input components in the UI guarded against some forms of XSS, but those protections were insufficient.
Remediation
References
http://www.securityfocus.com/bid/99009
https://lists.apache.org/thread.html/d779d6129de1a5aa149c219b2fc6e9e78156614eaac92a89cbaf9bce%40%3Cdev.nifi.apache.org%3E
Related Vulnerabilities
CVE-2019-19771 Vulnerability in npm package fs-extar
CVE-2021-21348 Vulnerability in maven package com.thoughtworks.xstream:xstream
CVE-2023-41080 Vulnerability in maven package org.apache.tomcat:tomcat
CVE-2018-1000665 Vulnerability in maven package org.apache.geronimo.plugins:dojo
CVE-2021-4307 Vulnerability in maven package org.webjars.npm:baobab