1. Home
  2. Vulnerabilities
  3. CVE-2020-1933

CVE-2020-1933

CVSS v3.1 6.1 (Medium)
61% Progress
CVSS v2.0 4.3 (Medium)
43% Progress
EPSS 0.16 % (53th)
0.16% Progress
Affected Products 2
Advisories 1
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Graph Web & Social Timeline

A XSS vulnerability was found in Apache NiFi 1.0.0 to 1.10.0. Malicious scripts could be injected to the UI through action by an unaware authenticated user in Firefox. Did not appear to occur in other browsers.

Weaknesses
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE Status
PUBLISHED
CNA
Apache Software Foundation
Published Date
2020-01-28 01:15:12
(4 years ago)
Updated Date
2020-01-29 20:09:51
(4 years ago)

Affected Products

Apache

Mozilla

Configuration #1

AND
    CPE23 From Up To
OR  
  Apache Nifi from 1.0.0 version and 1.10.0 and prior versions cpe:2.3:a:apache:nifi >= 1.0.0 <= 1.10.0
OR  
  Running on/with
  Mozilla Firefox cpe:2.3:a:mozilla:firefox:-