Description

A XSS vulnerability was found in Apache NiFi 1.0.0 to 1.10.0. Malicious scripts could be injected to the UI through action by an unaware authenticated user in Firefox. Did not appear to occur in other browsers.

Remediation

References

https://nifi.apache.org/security.html#CVE-2020-1933

Related Vulnerabilities

CVE-2018-8042 Vulnerability in maven package org.apache.ambari:ambari-agent

CVE-2023-33265 Vulnerability in maven package com.hazelcast:hazelcast-enterprise

CVE-2023-32070 Vulnerability in maven package org.xwiki.platform:xwiki-core-rendering-api

CVE-2022-45393 Vulnerability in maven package org.jenkins-ci.plugins:delete-log-plugin

CVE-2023-50779 Vulnerability in maven package com.cloudtp.jenkins:paaslane-estimate

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory