Vulnerability Details CVE-2017-7665
In Apache NiFi before 0.7.4 and 1.x before 1.3.0, there are certain user input components in the UI which had been guarding for some forms of XSS issues but were insufficient.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.011
EPSS Ranking 76.6%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- http://www.securityfocus.com/bid/99009
- https://lists.apache.org/thread.html/d779d6129de1a5aa149c219b2fc6e9e78156614eaac92a89cbaf9bce%40%3Cdev.nifi.apache.org%3E
- http://www.securityfocus.com/bid/99009
- https://lists.apache.org/thread.html/d779d6129de1a5aa149c219b2fc6e9e78156614eaac92a89cbaf9bce%40%3Cdev.nifi.apache.org%3E
Products affected by CVE-2017-7665
-
cpe:2.3:a:apache:nifi:-
-
cpe:2.3:a:apache:nifi:0.0.1
-
cpe:2.3:a:apache:nifi:0.0.2
-
cpe:2.3:a:apache:nifi:0.1.0
-
cpe:2.3:a:apache:nifi:0.2.0
-
cpe:2.3:a:apache:nifi:0.2.1
-
cpe:2.3:a:apache:nifi:0.3.0
-
cpe:2.3:a:apache:nifi:0.4.0
-
cpe:2.3:a:apache:nifi:0.4.1
-
cpe:2.3:a:apache:nifi:0.5.0
-
cpe:2.3:a:apache:nifi:0.5.1
-
cpe:2.3:a:apache:nifi:0.6.0
-
cpe:2.3:a:apache:nifi:0.6.1
-
cpe:2.3:a:apache:nifi:0.7.0
-
cpe:2.3:a:apache:nifi:0.7.1
-
cpe:2.3:a:apache:nifi:0.7.2
-
cpe:2.3:a:apache:nifi:0.7.3
-
cpe:2.3:a:apache:nifi:1.0.0
-
cpe:2.3:a:apache:nifi:1.0.1
-
cpe:2.3:a:apache:nifi:1.1.0
-
cpe:2.3:a:apache:nifi:1.1.1
-
cpe:2.3:a:apache:nifi:1.1.2
-
cpe:2.3:a:apache:nifi:1.2.0