CVE-2020-1933

CWE-79Cross-site Scripting (XSS)5 documents5 sources
Severity
6.1MEDIUM
EPSS
0.5%
top 34.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache NifiApache Software Foundation Apache Nifi
Timeline
PublishedJan 28
Latest updateJan 6

Description

A XSS vulnerability was found in Apache NiFi 1.0.0 to 1.10.0. Malicious scripts could be injected to the UI through action by an unaware authenticated user in Firefox. Did not appear to occur in other browsers.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

CVEListV5apache_software_foundation/apache_nifiApache NiFi 1.0.0 to 1.10.0
Mavenorg.apache.nifi:nifi1.0.01.11.0
NVDapache/nifi1.0.01.10.0

🔴Vulnerability Details

3
OSV
Cross-site scripting in Apache NiFi2022-01-06
GHSA
Cross-site scripting in Apache NiFi2022-01-06
CVEList
CVE-2020-1933: A XSS vulnerability was found in Apache NiFi 12020-01-28

📋Vendor Advisories

1
Apache
Apache nifi: CVE-2020-1933