Description

A XSS vulnerability was found in Apache NiFi 1.0.0 to 1.10.0. Malicious scripts could be injected to the UI through action by an unaware authenticated user in Firefox. Did not appear to occur in other browsers.

Remediation

References

https://nifi.apache.org/security.html#CVE-2020-1933

Related Vulnerabilities

CVE-2019-10083 Vulnerability in maven package org.apache.nifi:nifi-web

CVE-2022-32533 Vulnerability in maven package org.apache.portals.jetspeed-2:jetspeed

CVE-2017-1000394 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2017-1000034 Vulnerability in maven package com.typesafe.akka:akka-actor

CVE-2020-11976 Vulnerability in maven package org.apache.wicket:wicket-core

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory