Cross-Site Scripting Vulnerability in Apache NiFi Connection Details Dialog

Cross-Site Scripting Vulnerability in Apache NiFi Connection Details Dialog

CVE-2016-8748 · LOW Severity

AV:N/AC:M/AU:S/C:N/I:P/A:N

In Apache NiFi before 1.0.1 and 1.1.x before 1.1.1, there is a cross-site scripting vulnerability in connection details dialog when accessed by an authorized user. The user supplied text was not being properly handled when added to the DOM.

Learn more about our Cis Benchmark Audit For Apache Http Server.