Description
In Apache NiFi before 0.7.4 and 1.x before 1.3.0, certain user input components in the UI guarded against some forms of XSS, but those guards were insufficient.
Remediation
References
http://www.securityfocus.com/bid/99009
https://lists.apache.org/thread.html/d779d6129de1a5aa149c219b2fc6e9e78156614eaac92a89cbaf9bce%40%3Cdev.nifi.apache.org%3E