CVE-2016-8748

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2016-8748

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-8748.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2016-8748

Aliases

GHSA-g2fm-x3cp-mqw9

Published

2017-10-19T20:29:00.220Z

Modified

2026-04-11T17:12:53.192670Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

In Apache NiFi before 1.0.1 and 1.1.x before 1.1.1, there is a cross-site scripting vulnerability in connection details dialog when accessed by an authorized user. The user supplied text was not being properly handled when added to the DOM.

References

Affected packages

Git / github.com/apache/nifi

Affected ranges

Type

GIT

Repo

https://github.com/apache/nifi

Events

Introduced

Last affected

74d5224783dfdc513f6b3ad5ed96671d3c581707

Last affected

5536f690a81418955442d52687695f65f0a44cd0

Database specific

{
    "source": "CPE_FIELD",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.0"
        },
        {
            "last_affected": "1.1.0"
        }
    ],
    "cpe": [
        "cpe:2.3:a:apache:nifi:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:nifi:1.1.0:*:*:*:*:*:*:*"
    ]
}

Affected versions

nifi-0.*

nifi-0.2.0-incubating-RC1

nifi-0.4.1

nifi-0.4.1-RC1

nifi-0.6.0

nifi-0.6.0-RC2

nifi-1.*

nifi-1.0.0-RC1

nifi-1.1.0-RC2

rel/nifi-1.*

rel/nifi-1.0.0

rel/nifi-1.1.0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-8748.json"