CVE-2017-7665

CWE-79Cross-site Scripting (XSS)5 documents5 sources
Severity
6.1MEDIUM
EPSS
0.9%
top 24.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache NifiApache Software Foundation Apache Nifi
Timeline
PublishedJun 12
Latest updateMay 17

Description

In Apache NiFi before 0.7.4 and 1.x before 1.3.0, there are certain user input components in the UI which had been guarding for some forms of XSS issues but were insufficient.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

Mavenorg.apache.nifi:nifi1.0.01.3.0+1
NVDapache/nifi0.7.3+6
CVEListV5apache_software_foundation/apache_nifi0.0.1 to 0.7.3, 1.0.0 to 1.2.0+1

🔴Vulnerability Details

3
OSV
Cross-site Scripting in Apache NiFi2022-05-17
GHSA
Cross-site Scripting in Apache NiFi2022-05-17
CVEList
CVE-2017-7665: In Apache NiFi before 02017-06-12

📋Vendor Advisories

1
Apache
Apache nifi: CVE-2017-7665
CVE-2017-7665 (MEDIUM CVSS 6.1) | In Apache NiFi before 0.7.4 and 1.x | cvebase.io