Description
A XSS vulnerability was found in Apache NiFi 1.0.0 to 1.10.0. Malicious scripts could be injected to the UI through action by an unaware authenticated user in Firefox. Did not appear to occur in other browsers.
Remediation
References
https://nifi.apache.org/security.html#CVE-2020-1933
Related Vulnerabilities
CVE-2020-15138 Vulnerability in maven package org.webjars.npm:prismjs
CVE-2017-2608 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2023-36470 Vulnerability in maven package org.xwiki.platform:xwiki-platform-icon-script
CVE-2015-8855 Vulnerability in npm package semver
CVE-2022-45935 Vulnerability in maven package org.apache.james:james-server-data-file