CVE-2017-7665
MEDIUM
Apache NiFi < 0.7.4 and 1.x < 1.3.0 - Stored Cross-Site Scripting
Title source: llm
Description
In Apache NiFi before 0.7.4 and 1.x before 1.3.0, there are certain user input components in the UI which had been guarding for some forms of XSS issues but were insufficient.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/99009
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/d779d6129de1a5aa149c219b2fc6e9e78156614eaac92a89cbaf9bce%40%3Cdev.nifi.apache.org%3E
Scores
CVSS v3
6.1
EPSS
0.0088
EPSS Percentile
75.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (10)
apache/nifi
1.0.0
apache/nifi
1.0.1
apache/nifi
1.1.0
apache/nifi
1.1.1
apache/nifi
1.1.2
apache/nifi
1.2.0
apache/nifi
< 0.7.3
Apache Software Foundation/Apache NiFi
0.0.1 to 0.7.3
Apache Software Foundation/Apache NiFi
1.0.0 to 1.2.0
org.apache.nifi/nifi
0 - 0.7.4
Maven
Published
Jun 12, 2017
Tracked Since
Feb 18, 2026