cnvd | China National Vulnerability Database | CNVD-2023-96658
History: Nov 30, 2023 - 12:00 a.m.

Apache NiFi cross-site scripting vulnerability (CNVD-2023-9665850)

2023-11-30 00:00:00
China National Vulnerability Database
www.cnvd.org.cn
apache; nifi; cross-site scripting; vulnerability; jolttransformjson; data processing; apache foundation; usa; data routing; system mediation logic; web script; html; attacker; crafted payload; data filtering; user interface; security vulnerability; cnvd-2023-9665850.

AI Score: 6.3 Medium (Confidence: High)

EPSS: 0.001 Low (Percentile: 41.7%)

Apache NiFi is a data processing and distribution system from the Apache (USA) Foundation. The system is primarily used for data routing, transformation and system mediation logic. Apache NiFi suffers from a cross-site scripting vulnerability in the advanced configuration user interface of the JoltTransformJSON processor. The vulnerability stems from the lack of effective filtering and escaping of user-supplied data, and an attacker can exploit it to execute arbitrary web script or HTML by injecting a crafted payload.

CPE Name Operator Version
apache nifi >=0.7.0, le 1.23.2
