CVE-2016-8748

Description

In Apache NiFi before 1.0.1 and 1.1.x before 1.1.1, there is a cross-site scripting vulnerability in connection details dialog when accessed by an authorized user. The user supplied text was not being properly handled when added to the DOM.

Affected products

• Apache Software Foundation / Apache NiFi1.0.0 – 1.0.0
• Apache Software Foundation / Apache NiFi1.1.0 – 1.1.0

References

• MISChttp://www.securityfocus.com/bid/95621
• MISChttps://nifi.apache.org/security.html#CVE-2016-8748