Apache NiFi is a data processing and distribution system from the Apache (USA) Foundation. The system is primarily used for data routing, transformation and system mediation logic. Apache NiFi suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the advanced configuration user interface of the JoltTransformJSON processor, which can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted payload.
CPE | Name | Operator | Version |
---|---|---|---|
apache nifi >=0.7.0, | le | 1.23.2 |