Description
In Apache NiFi before 0.7.4 and 1.x before 1.3.0, certain user input components in the UI guarded against some forms of XSS, but the protections were insufficient.
Remediation
References
http://www.securityfocus.com/bid/99009
https://lists.apache.org/thread.html/d779d6129de1a5aa149c219b2fc6e9e78156614eaac92a89cbaf9bce%40%3Cdev.nifi.apache.org%3E
Related Vulnerabilities
CVE-2022-24373 Vulnerability in npm package react-native-reanimated
CVE-2022-34870 Vulnerability in maven package org.apache.geode:geode-pulse
CVE-2021-43306 Vulnerability in maven package org.webjars:jquery-validation
CVE-2020-7789 Vulnerability in npm package node-notifier
CVE-2018-1131 Vulnerability in maven package org.infinispan:infinispan-core