Description

A XSS vulnerability was found in Apache NiFi 1.0.0 to 1.10.0. Malicious scripts could be injected to the UI through action by an unaware authenticated user in Firefox. Did not appear to occur in other browsers.

Remediation

References

https://nifi.apache.org/security.html#CVE-2020-1933

Related Vulnerabilities

CVE-2017-1000505 Vulnerability in maven package org.jenkins-ci.plugins:script-security

CVE-2013-6468 Vulnerability in maven package org.drools:drools-workbench-models-test-scenarios

CVE-2023-42276 Vulnerability in maven package cn.hutool:hutool-core

CVE-2021-38555 Vulnerability in maven package org.apache.any23:apache-any23-core

CVE-2020-9281 Vulnerability in npm package ckeditor4-dev

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory