CVE-2017-7665

Description

In Apache NiFi before 0.7.4 and 1.x before 1.3.0, there are certain user input components in the UI which had been guarding for some forms of XSS issues but were insufficient.

Affected products

• Apache Software Foundation / Apache NiFi0.0.1 to 0.7.3 – 0.0.1 to 0.7.3
• Apache Software Foundation / Apache NiFi1.0.0 to 1.2.0 – 1.0.0 to 1.2.0

References

• MISChttp://www.securityfocus.com/bid/99009
• MAILING_LISThttps://lists.apache.org/thread.html/d779d6129de1a5aa149c219b2fc6e9e78156614eaac92a89cbaf9bce%40%3Cdev.nifi.apache.org%3E