Description

A XSS vulnerability was found in Apache NiFi 1.0.0 to 1.10.0. Malicious scripts could be injected to the UI through action by an unaware authenticated user in Firefox. Did not appear to occur in other browsers.

Remediation

References

https://nifi.apache.org/security.html#CVE-2020-1933

Related Vulnerabilities

CVE-2023-29526 Vulnerability in maven package org.xwiki.platform:xwiki-platform-rendering-async-api

CVE-2015-6524 Vulnerability in maven package org.apache.activemq:activemq-osgi

CVE-2020-1714 Vulnerability in maven package org.keycloak:keycloak-common

CVE-2022-45143 Vulnerability in maven package org.apache.tomcat:tomcat-util

CVE-2020-16017 Vulnerability in maven package org.webjars.npm:electron

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory