CVE-2020-1933

A XSS vulnerability was found in Apache NiFi 1.0.0 to 1.10.0. Malicious scripts could be injected to the UI through action by an unaware authenticated user in Firefox. Did not appear to occur in other browsers.

Published: Jan 28, 2020
Updated: May 9, 2024
CVE: CVE-2020-1933
GHSA: GHSA-pqhq-xx62-2v2p
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
apache / nifi	1.0.0	1.10.0.x
org.apache.nifi / nifi	1.0.0	1.11.0

https://github.com/apache/nifi/pull/3991
https://nifi.apache.org/security.html#CVE-2020-1933

Vulnerability Database

289,599

CVE-2020-1933