CVE-2016-8748

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2016-8748
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-8748.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-8748
Aliases
Published
2017-10-19T20:29:00.220Z
Modified
2026-04-10T03:53:58.987509Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

In Apache NiFi before 1.0.1 and 1.1.x before 1.1.1, there is a cross-site scripting vulnerability in connection details dialog when accessed by an authorized user. The user supplied text was not being properly handled when added to the DOM.

References

Affected packages

Git / github.com/apache/nifi

Affected ranges

Type
GIT
Repo
https://github.com/apache/nifi
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
74d5224783dfdc513f6b3ad5ed96671d3c581707
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
5536f690a81418955442d52687695f65f0a44cd0
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.1.0"
        }
    ]
}

Affected versions

nifi-0.*
nifi-0.2.0-incubating-RC1
nifi-0.4.1
nifi-0.4.1-RC1
nifi-0.6.0
nifi-0.6.0-RC2
nifi-1.*
nifi-1.0.0-RC1
nifi-1.1.0-RC2
rel/nifi-1.*
rel/nifi-1.0.0
rel/nifi-1.1.0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-8748.json"