CVE-2017-7665

MEDIUM6.1EPSS 0.88%

Cross-site Scripting in Apache NiFi

Published: 5/17/2022Modified: 11/8/2023

Description

In Apache NiFi before 0.7.4 and 1.x before 1.3.0, there are certain user input components in the UI which had been guarding for some forms of XSS issues but were insufficient.

Affected packages (1)

Maven/org.apache.nifi:nififrom 0, < 0.7.4

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.1	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References (3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2017-7665
WEBhttps://lists.apache.org/thread.html/d779d6129de1a5aa149c219b2fc6e9e78156614eaac92a89cbaf9bce@%3Cdev.nifi.apache.org%3E
WEBhttp://www.securityfocus.com/bid/99009