CVE-2016-8748
published 2017-10-19CVE-2016-8748: In Apache NiFi before 1.0.1 and 1.1.x before 1.1.1, there is a cross-site scripting vulnerability in connection details dialog when accessed by an authorized…
medium5.4CVSS 3.0
AVNACLPRLUIRSCCLILAN
In Apache NiFi before 1.0.1 and 1.1.x before 1.1.1, there is a cross-site scripting vulnerability in connection details dialog when accessed by an authorized user. The user supplied text was not being properly handled when added to the DOM.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | nifi | <= 1.0.0 | — |
| apache | nifi | — | — |
| apache | nifi | — | — |
| apache_software_foundation | apache_nifi | — | — |
| apache_software_foundation | apache_nifi | — | — |