CVE-2016-8748

Summary

In Apache NiFi before 1.0.1 and 1.1.x before 1.1.1, there is a cross-site scripting vulnerability in connection details dialog when accessed by an authorized user. The user supplied text was not being properly handled when added to the DOM.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache NiFi1.0.0affected
Apache Software FoundationApache NiFi1.1.0affected

Weaknesses

  • Information Disclosure

ADP Enrichment

CVE Program Container

Additional References

References