Description
In Apache NiFi before 0.7.4 and 1.x before 1.3.0, certain user input components in the UI guarded against some forms of XSS, but those protections were insufficient.
Remediation
References
http://www.securityfocus.com/bid/99009
https://lists.apache.org/thread.html/d779d6129de1a5aa149c219b2fc6e9e78156614eaac92a89cbaf9bce%40%3Cdev.nifi.apache.org%3E