CVE-2020-1933
MEDIUMApache NiFi 1.0.0-1.10.0 - Cross-Site Scripting via Firefox UI Injection
Title source: llmDescription
A XSS vulnerability was found in Apache NiFi 1.0.0 to 1.10.0. Malicious scripts could be injected to the UI through action by an unaware authenticated user in Firefox. Did not appear to occur in other browsers.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://nifi.apache.org/security.html#CVE-2020-1933
Scores
CVSS v3
6.1
EPSS
0.0041
EPSS Percentile
61.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (2)
apache/nifi
1.0.0 - 1.10.0
org.apache.nifi/nifi
1.0.0 - 1.11.0Maven
Published
Jan 28, 2020
Tracked Since
Feb 18, 2026