CVE-2017-7665 – org.apache.nifi:nifi

Package

Manager: maven
Name: org.apache.nifi:nifi
Vulnerable Version: >=0 <0.7.4 || >=1.0.0 <1.3.0

Severity

Level: Medium

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

EPSS: 0.0106 pctl0.76809

Details

Cross-site Scripting in Apache NiFi In Apache NiFi before 0.7.4 and 1.x before 1.3.0, there are certain user input components in the UI which had been guarding for some forms of XSS issues but were insufficient.

Metadata

Created: 2022-05-17T02:40:53Z
Modified: 2022-11-01T22:32:49Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-m5r7-w9v3-ghmx/GHSA-m5r7-w9v3-ghmx.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-m5r7-w9v3-ghmx
Finding: F008
Auto approve: 1