Description
In Apache NiFi before 0.7.4 and 1.x before 1.3.0, certain user input components in the UI guarded against some forms of XSS, but those protections were insufficient.
Remediation
References
http://www.securityfocus.com/bid/99009
https://lists.apache.org/thread.html/d779d6129de1a5aa149c219b2fc6e9e78156614eaac92a89cbaf9bce%40%3Cdev.nifi.apache.org%3E
Related Vulnerabilities
CVE-2023-46496 Vulnerability in npm package @evershop/evershop
CVE-2022-41713 Vulnerability in npm package deep-object-diff
CVE-2023-33544 Vulnerability in maven package io.hawt:hawtio-system
CVE-2023-30523 Vulnerability in maven package org.jenkins-ci.plugins:reportportal
CVE-2021-23353 Vulnerability in maven package org.webjars.bowergithub.mrrio:jspdf