{ "affected": [ { "ranges": [ { "database_specific": { "versions": [ { "introduced": "0" }, { "last_affected": "0.7.3" }, { "introduced": "0" }, { "last_affected": "1.0.0" }, { "introduced": "0" }, { "last_affected": "1.0.1" }, { "introduced": "0" }, { "last_affected": "1.1.0" }, { "introduced": "0" }, { "last_affected": "1.1.1" }, { "introduced": "0" }, { "last_affected": "1.1.2" }, { "introduced": "0" }, { "last_affected": "1.2.0" } ] }, "events": [ { "introduced": "0" }, { "last_affected": "78532ef44fb8b830a5316ce10a5cc7862bc3b5b2" }, { "introduced": "0" }, { "last_affected": "74d5224783dfdc513f6b3ad5ed96671d3c581707" }, { "introduced": "0" }, { "last_affected": "1890f6c522514027ae46f86601f4771f62cadc6d" }, { "introduced": "0" }, { "last_affected": "5536f690a81418955442d52687695f65f0a44cd0" }, { "introduced": "0" }, { "last_affected": "a92f2e36ed6be695e4dc6f624f6b3a96e6d1a57c" }, { "introduced": "0" }, { "last_affected": "e31088642b6fdc7cafb52208a6ba29216dde7898" }, { "introduced": "0" }, { "last_affected": "3a605af8e0ac024fb0ba67262d49dab2727b2576" } ], "repo": "https://github.com/apache/nifi", "type": "GIT" } ] } ], "details": "In Apache NiFi before 0.7.4 and 1.x before 1.3.0, there are certain user input components in the UI which had been guarding for some forms of XSS issues but were insufficient.", "id": "CVE-2017-7665", "modified": "2026-03-13T21:52:27.510174019Z", "published": "2017-06-12T16:29:00.217Z", "references": [ { "type": "WEB", "url": "https://lists.apache.org/thread.html/d779d6129de1a5aa149c219b2fc6e9e78156614eaac92a89cbaf9bce%40%3Cdev.nifi.apache.org%3E" }, { "type": "ADVISORY", "url": "http://www.securityfocus.com/bid/99009" } ], "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "type": "CVSS_V3" } ] }