Количество 2
Количество 2
CVE-2018-17193
The message-page.jsp error page used the value of the HTTP request header X-ProxyContextPath without sanitization, resulting in a reflected XSS attack. Mitigation: The fix to correctly parse and sanitize the request attribute value was applied on the Apache NiFi 1.8.0 release. Users running a prior 1.x release should upgrade to the appropriate release.
GHSA-4qq9-rrq6-48ff
Cross site scripting in org.apache.nifi:nifi
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2018-17193 The message-page.jsp error page used the value of the HTTP request header X-ProxyContextPath without sanitization, resulting in a reflected XSS attack. Mitigation: The fix to correctly parse and sanitize the request attribute value was applied on the Apache NiFi 1.8.0 release. Users running a prior 1.x release should upgrade to the appropriate release. | CVSS3: 6.1 | 1% Низкий | около 7 лет назад |
| GHSA-4qq9-rrq6-48ff Cross site scripting in org.apache.nifi:nifi | CVSS3: 6.1 | 1% Низкий | около 7 лет назад |
Уязвимостей на страницу