BIT-nifi-2024-45477

Import Source
https://github.com/bitnami/vulndb/tree/main/data/nifi/BIT-nifi-2024-45477.json
JSON Data
https://api.test.osv.dev/v1/vulns/BIT-nifi-2024-45477
Aliases
Published
2026-04-13T14:17:18.796Z
Modified
2026-04-13T15:11:04.889539791Z
Summary
Apache NiFi: Improper Neutralization of Input in Parameter Description
Details

Apache NiFi 1.10.0 through 1.27.0 support a description field for Parameters in a Parameter Context configuration that is vulnerable to cross-site scripting. An authenticated user, authorized to configure a Parameter Context, can enter arbitrary JavaScript code, which the client browser will execute within the session context of the authenticated user. Upgrading to Apache NiFi 1.28.0 or higher is the recommended mitigation.

Database specific
{
    "cpes": [
        "cpe:2.3:a:apache:nifi:*:*:*:*:*:maven:*:*"
    ],
    "severity": "Medium"
}
References

Affected packages

Bitnami / nifi

Package

Name
nifi
Purl
pkg:bitnami/nifi

Severity

  • 4.6 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

Affected ranges

Type
SEMVER
Events
Introduced
1.10.0
Fixed
1.28.0

Database specific

source
"https://github.com/bitnami/vulndb/tree/main/data/nifi/BIT-nifi-2024-45477.json"