BIT-NIFI-2024-45477 Apache NiFi: Improper Neutralization of Input in Parameter Description
Apache NiFi 1.10.0 through 1.27.0 support a description field for Parameters in a Parameter Context configuration that is vulnerable to cross-site scripting. An authenticated user, authorized to configure a Parameter Context, can enter arbitrary JavaScript code, which the client browser will...