Description

A XSS vulnerability was found in Apache NiFi 1.0.0 to 1.10.0. Malicious scripts could be injected to the UI through action by an unaware authenticated user in Firefox. Did not appear to occur in other browsers.

Remediation

References

https://nifi.apache.org/security.html#CVE-2020-1933

Related Vulnerabilities

CVE-2019-17566 Vulnerability in maven package org.apache.xmlgraphics:batik-transcoder

CVE-2023-43497 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2022-45347 Vulnerability in maven package org.apache.shardingsphere:shardingsphere-proxy

CVE-2018-20677 Vulnerability in maven package org.webjars.bowergithub.jasny:bootstrap

CVE-2023-28685 Vulnerability in maven package org.jenkins-ci.plugins:absint-a3

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory