nifi-web-api is vulnerable to cross-site scripting (XSS). It does not handle error response properly, allowing an unauthenticated user when using the application with Firefox to inject malicious script via UI through action. Note: this vulnerability does occur in other browsers.
CPE | Name | Operator | Version |
---|---|---|---|
nifi-web-api | le | 1.6.0 | |
nifi-web-api | le | 1.10.0 | |
nifi-web-api | le | 1.9.2 | |
nifi-web-api | le | 1.1.2 | |
nifi-web-api | le | 1.0.1 |