Description
In Apache NiFi before 0.7.4 and 1.x before 1.3.0, there are certain user input components in the UI which had been guarding for some forms of XSS issues but were insufficient.
Remediation
References
http://www.securityfocus.com/bid/99009
https://lists.apache.org/thread.html/d779d6129de1a5aa149c219b2fc6e9e78156614eaac92a89cbaf9bce%40%3Cdev.nifi.apache.org%3E
Related Vulnerabilities
CVE-2016-6817 Vulnerability in maven package org.apache.tomcat:tomcat-coyote
CVE-2011-4838 Vulnerability in maven package jruby:jruby
CVE-2020-8137 Vulnerability in npm package fastify
CVE-2021-29452 Vulnerability in npm package a12n-server
CVE-2019-20921 Vulnerability in maven package org.webjars:bootstrap-select