Vulnerability Details CVE-2017-7665
In Apache NiFi before 0.7.4 and 1.x before 1.3.0, there are certain user input components in the UI which had been guarding for some forms of XSS issues but were insufficient.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 72.9%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- http://www.securityfocus.com/bid/99009
- https://lists.apache.org/thread.html/d779d6129de1a5aa149c219b2fc6e9e78156614eaac92a89cbaf9bce%40%3Cdev.nifi.apache.org%3E
- http://www.securityfocus.com/bid/99009
- https://lists.apache.org/thread.html/d779d6129de1a5aa149c219b2fc6e9e78156614eaac92a89cbaf9bce%40%3Cdev.nifi.apache.org%3E
Products affected by CVE-2017-7665
-
cpe:2.3:a:apache:nifi:-
-
cpe:2.3:a:apache:nifi:0.0.1
-
cpe:2.3:a:apache:nifi:0.0.2
-
cpe:2.3:a:apache:nifi:0.1.0
-
cpe:2.3:a:apache:nifi:0.2.0
-
cpe:2.3:a:apache:nifi:0.2.1
-
cpe:2.3:a:apache:nifi:0.3.0
-
cpe:2.3:a:apache:nifi:0.4.0
-
cpe:2.3:a:apache:nifi:0.4.1
-
cpe:2.3:a:apache:nifi:0.5.0
-
cpe:2.3:a:apache:nifi:0.5.1
-
cpe:2.3:a:apache:nifi:0.6.0
-
cpe:2.3:a:apache:nifi:0.6.1
-
cpe:2.3:a:apache:nifi:0.7.0
-
cpe:2.3:a:apache:nifi:0.7.1
-
cpe:2.3:a:apache:nifi:0.7.2
-
cpe:2.3:a:apache:nifi:0.7.3
-
cpe:2.3:a:apache:nifi:1.0.0
-
cpe:2.3:a:apache:nifi:1.0.1
-
cpe:2.3:a:apache:nifi:1.1.0
-
cpe:2.3:a:apache:nifi:1.1.1
-
cpe:2.3:a:apache:nifi:1.1.2
-
cpe:2.3:a:apache:nifi:1.2.0