Description
A XSS vulnerability was found in Apache NiFi 1.0.0 to 1.10.0. Malicious scripts could be injected to the UI through action by an unaware authenticated user in Firefox. Did not appear to occur in other browsers.
Remediation
References
https://nifi.apache.org/security.html#CVE-2020-1933
Related Vulnerabilities
CVE-2020-6464 Vulnerability in maven package org.webjars.npm:electron
CVE-2023-27900 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2023-29211 Vulnerability in maven package org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki
CVE-2016-6636 Vulnerability in maven package org.cloudfoundry.identity:cloudfoundry-identity-login
CVE-2020-1942 Vulnerability in maven package org.apache.nifi:nifi-framework-bundle