CVE-2016-8748
Cross-site Scripting in Apache NiFi
CVSS 3.1: 5.4 (MEDIUM)
EPSS 0.41%
Description
In Apache NiFi before 1.0.1 and 1.1.x before 1.1.1, there is a cross-site scripting vulnerability in the connection details dialog when accessed by an authorized user. The user-supplied text was not being properly handled when added to the DOM.
How to fix CVE-2016-8748
To remediate CVE-2016-8748, upgrade the affected package to a fixed version below.
- Maven/org.apache.nifi:nifi: upgrade to 1.0.1 or later
Is CVE-2016-8748 being exploited?
Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1.0.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.4 | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |