nifi-jetty is vulnerable to cross-site scripting (XSS) attacks. A malicious user can inject and execute arbitrary JavaScript because the library does have the sufficient response headers to only allow framing from the same origin.
CPE | Name | Operator | Version |
---|---|---|---|
nifi-jetty | le | 1.2.0 | |
nifi-jetty | le | 0.7.3 | |
nifi-framework-core | le | 1.2.0 |