In Apache NiFi before 1.0.1 and 1.1.x before 1.1.1, there is a cross-site scripting vulnerability in connection details dialog when accessed by an authorized user. The user supplied text was not being properly handled when added to the DOM.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| org.apache.nifi:nifi(Maven) | 0 | 1.0.1 | N/A |
| org.apache.nifi:nifi(Maven) | 1.1.0 | 1.1.1 | N/A |
CVSS Metrics
