Description

A XSS vulnerability was found in Apache NiFi 1.0.0 to 1.10.0. Malicious scripts could be injected to the UI through action by an unaware authenticated user in Firefox. Did not appear to occur in other browsers.

Remediation

References

https://nifi.apache.org/security.html#CVE-2020-1933

Related Vulnerabilities

CVE-2020-11022 Vulnerability in maven package org.webjars:jquery

CVE-2020-6950 Vulnerability in maven package org.glassfish:jakarta.faces

CVE-2018-1000104 Vulnerability in maven package org.jenkins-ci.plugins:coverity

CVE-2020-2321 Vulnerability in maven package org.jenkins-ci.plugins:shelve-project-plugin

CVE-2023-37956 Vulnerability in maven package org.jenkins-ci.plugins:test-results-aggregator

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory