Description

A XSS vulnerability was found in Apache NiFi 1.0.0 to 1.10.0. Malicious scripts could be injected to the UI through action by an unaware authenticated user in Firefox. Did not appear to occur in other browsers.

Remediation

References

https://nifi.apache.org/security.html#CVE-2020-1933

Related Vulnerabilities

CVE-2018-20677 Vulnerability in maven package org.webjars.npm:bootstrap

CVE-2023-30843 Vulnerability in npm package payload

CVE-2011-5064 Vulnerability in maven package tomcat:catalina

CVE-2018-3819 Vulnerability in npm package kibana

CVE-2018-1000192 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory