Description

In Apache NiFi before 0.7.4 and 1.x before 1.3.0, there are certain user input components in the UI which had been guarding for some forms of XSS issues but were insufficient.

Remediation

References

http://www.securityfocus.com/bid/99009

https://lists.apache.org/thread.html/d779d6129de1a5aa149c219b2fc6e9e78156614eaac92a89cbaf9bce%40%3Cdev.nifi.apache.org%3E

Related Vulnerabilities

CVE-2020-36380 Vulnerability in npm package aaptjs

CVE-2012-3451 Vulnerability in maven package org.apache.cxf:cxf-bundle-minimal

CVE-2021-23771 Vulnerability in npm package notevil

CVE-2020-4038 Vulnerability in npm package graphql-playground-html

CVE-2019-17495 Vulnerability in maven package org.webjars.bower:swagger-ui

Severity

High

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Third Party Advisory VDB Entry