CVE-2017-7665

MEDIUM6.1EPSS 0.88%

Cross-site Scripting in Apache NiFi

發布日:2022/5/17修改日:2023/11/8

描述

In Apache NiFi before 0.7.4 and 1.x before 1.3.0, there are certain user input components in the UI which had been guarding for some forms of XSS issues but were insufficient.

受影響套件(1)

Maven/org.apache.nifi:nififrom 0, < 0.7.4

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM6.1	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

參考連結(3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2017-7665
WEBhttps://lists.apache.org/thread.html/d779d6129de1a5aa149c219b2fc6e9e78156614eaac92a89cbaf9bce@%3Cdev.nifi.apache.org%3E
WEBhttp://www.securityfocus.com/bid/99009