Description

In Apache NiFi before 0.7.4 and 1.x before 1.3.0, there are certain user input components in the UI which had been guarding for some forms of XSS issues but were insufficient.

Remediation

References

http://www.securityfocus.com/bid/99009

https://lists.apache.org/thread.html/d779d6129de1a5aa149c219b2fc6e9e78156614eaac92a89cbaf9bce%40%3Cdev.nifi.apache.org%3E

Related Vulnerabilities

CVE-2021-26540 Vulnerability in npm package sanitize-html

CVE-2020-2150 Vulnerability in maven package org.jenkins-ci.plugins:quality-gates

CVE-2017-12964 Vulnerability in maven package org.webjars.npm:node-sass

CVE-2020-2109 Vulnerability in maven package org.jenkins-ci.plugins.workflow:workflow-cps

CVE-2018-11695 Vulnerability in npm package node-sass

Severity

High

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Third Party Advisory VDB Entry