Lucene search
Veracode Vulnerability DatabaseVERACODE:22387HistoryJan 28, 2020 - 12:40 p.m.
Cross-site Scripting (XSS)
2020-01-2812:40:10
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
4
0.002 Low
EPSS
Percentile
52.8%
nifi-web-api is vulnerable to cross-site scripting (XSS). It does not handle error response properly, allowing an unauthenticated user when using the application with Firefox to inject malicious script via UI through action. Note: this vulnerability does occur in other browsers.
| CPE | Name | Operator | Version |
|---|---|---|---|
| nifi-web-api | le | 1.6.0 | |
| nifi-web-api | le | 1.10.0 | |
| nifi-web-api | le | 1.9.2 | |
| nifi-web-api | le | 1.1.2 | |
| nifi-web-api | le | 1.0.1 |
Related
cvelist
cvelist
CVE-2020-1933
2020-01-28 00:33:32
github
github
Cross-site scripting in Apache NiFi
2022-01-06 20:35:39
cve
cve
CVE-2020-1933
2020-01-28 01:15:12
nvd
nvd
CVE-2020-1933
2020-01-28 01:15:12
osv
osv
Cross-site scripting in Apache NiFi
2022-01-06 20:35:39
CVE-2020-1933
2020-01-28 01:15:12
prion
prion
Cross site scripting
2020-01-28 01:15:00