CVE-2016-8748

Опубликовано: 19 окт. 2017

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

In Apache NiFi before 1.0.1 and 1.1.x before 1.1.1, there is a cross-site scripting vulnerability in connection details dialog when accessed by an authorized user. The user supplied text was not being properly handled when added to the DOM.

Ссылки

http://www.securityfocus.com/bid/95621
Third Party Advisory
VDB Entry
https://nifi.apache.org/security.html#CVE-2016-8748
Issue Tracking
Mitigation
Vendor Advisory
http://www.securityfocus.com/bid/95621
Third Party Advisory
VDB Entry
https://nifi.apache.org/security.html#CVE-2016-8748
Issue Tracking
Mitigation
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:apache:nifi:*:*:*:*:*:*:*:*

Версия до 1.0.0 (включая)

cpe:2.3:a:apache:nifi:1.1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 65%

0.00492

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-g2fm-x3cp-mqw9