Description
In Apache NiFi before 0.7.4 and 1.x before 1.3.0, certain user input components in the UI guarded against some forms of XSS, but the protections were insufficient.
Remediation
References
http://www.securityfocus.com/bid/99009
https://lists.apache.org/thread.html/d779d6129de1a5aa149c219b2fc6e9e78156614eaac92a89cbaf9bce%40%3Cdev.nifi.apache.org%3E