We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
Assigner | apache |
Reserved | 2024-08-29 |
Published | 2024-10-29 |
Updated | 2024-10-29 |
Apache NiFi 1.10.0 through 1.27.0 and 2.0.0-M1 through 2.0.0-M3 support a description field for Parameters in a Parameter Context configuration that is vulnerable to cross-site scripting. An authenticated user, authorized to configure a Parameter Context, can enter arbitrary JavaScript code, which the client browser will execute within the session context of the authenticated user. Upgrading to Apache NiFi 1.28.0 or 2.0.0-M4 is the recommended mitigation.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N |
2024-08-23: | reported |
2024-08-23: | confirmed |
2024-08-25: | resolved |
Muhammad Hazim Bin Nor Aizi
https://lists.apache.org/thread/shdv0tw9hggj7tx9pl7g93mgok2lwbj9