Description

A XSS vulnerability was found in Apache NiFi 1.0.0 to 1.10.0. Malicious scripts could be injected to the UI through action by an unaware authenticated user in Firefox. Did not appear to occur in other browsers.

Remediation

References

https://nifi.apache.org/security.html#CVE-2020-1933

Related Vulnerabilities

CVE-2017-5641 Vulnerability in maven package org.apache.flex.blazeds:blazeds

CVE-2016-8735 Vulnerability in maven package org.apache.tomcat:tomcat-catalina-jmx-remote

CVE-2022-36094 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web-templates

CVE-2020-36732 Vulnerability in maven package org.webjars.bower:crypto-js

CVE-2019-10313 Vulnerability in maven package org.jenkins-ci.plugins:twitter

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory