CVE-2016-8748

MEDIUM5.4EPSS 0.41%

Cross-site Scripting in Apache NiFi

Published: 5/14/2022Modified: 11/8/2023

Description

In Apache NiFi before 1.0.1 and 1.1.x before 1.1.1, there is a cross-site scripting vulnerability in connection details dialog when accessed by an authorized user. The user supplied text was not being properly handled when added to the DOM.

Affected packages (1)

Maven/org.apache.nifi:nififrom 0, < 1.0.1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM5.4	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

References (3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2016-8748
WEBhttps://nifi.apache.org/security.html#CVE-2016-8748
WEBhttp://www.securityfocus.com/bid/95621