CVE-2020-1933

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-1933

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-1933.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-1933

Aliases

Published

2020-01-28T01:15:12.550Z

Modified

2026-04-10T04:24:05.309547Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A XSS vulnerability was found in Apache NiFi 1.0.0 to 1.10.0. Malicious scripts could be injected to the UI through action by an unaware authenticated user in Firefox. Did not appear to occur in other browsers.

References

https://nifi.apache.org/security.html#CVE-2020-1933

Affected packages

Git / github.com/apache/nifi

Affected ranges

Type

GIT

Repo

https://github.com/apache/nifi

Events

Introduced

74d5224783dfdc513f6b3ad5ed96671d3c581707

Last affected

b217ae20ad6a04cac874b2b00d93b7f7514c0b88

Database specific

{
    "versions": [
        {
            "introduced": "1.0.0"
        },
        {
            "last_affected": "1.10.0"
        }
    ]
}

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-1933.json"