Description
In Apache NiFi before 0.7.4 and 1.x before 1.3.0, certain user input components in the UI guarded against some forms of XSS, but those protections were insufficient.
Remediation
References
http://www.securityfocus.com/bid/99009
https://lists.apache.org/thread.html/d779d6129de1a5aa149c219b2fc6e9e78156614eaac92a89cbaf9bce%40%3Cdev.nifi.apache.org%3E
Related Vulnerabilities
CVE-2020-1935 Vulnerability in maven package org.apache.tomcat:tomcat-coyote
CVE-2020-7633 Vulnerability in npm package apiconnect-cli-plugins
CVE-2016-5725 Vulnerability in maven package com.jcraft:jsch
CVE-2019-0227 Vulnerability in maven package org.apache.axis:axis-rt-core
CVE-2018-1317 Vulnerability in maven package org.apache.zeppelin:zeppelin