Description

A XSS vulnerability was found in Apache NiFi 1.0.0 to 1.10.0. Malicious scripts could be injected to the UI through action by an unaware authenticated user in Firefox. Did not appear to occur in other browsers.

Remediation

References

https://nifi.apache.org/security.html#CVE-2020-1933

Related Vulnerabilities

CVE-2016-1181 Vulnerability in maven package struts:struts

CVE-2019-10429 Vulnerability in maven package org.jenkins-ci.plugins:gitlab-logo

CVE-2020-14000 Vulnerability in npm package scratch-vm

CVE-2018-1000601 Vulnerability in maven package org.jenkins-ci.plugins:ssh-credentials

CVE-2016-5016 Vulnerability in maven package org.cloudfoundry.identity:cloudfoundry-identity-server

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory