Description

A XSS vulnerability was found in Apache NiFi 1.0.0 to 1.10.0. Malicious scripts could be injected to the UI through action by an unaware authenticated user in Firefox. Did not appear to occur in other browsers.

Remediation

References

https://nifi.apache.org/security.html#CVE-2020-1933

Related Vulnerabilities

CVE-2023-30843 Vulnerability in npm package payload

CVE-2022-23615 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore

CVE-2022-1274 Vulnerability in maven package org.keycloak:keycloak-services

CVE-2016-0793 Vulnerability in maven package org.wildfly:wildfly-undertow

CVE-2019-1003047 Vulnerability in maven package org.jenkins-ci.plugins:fortify-on-demand-uploader

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory