Medium severity6.1NVD Advisory· Published Jun 12, 2017· Updated May 13, 2026

CVE-2017-7665

Description

In Apache NiFi before 0.7.4 and 1.x before 1.3.0, there are certain user input components in the UI which had been guarding for some forms of XSS issues but were insufficient.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
org.apache.nifi:nifiMaven	< 0.7.4	0.7.4
org.apache.nifi:nifiMaven	>= 1.0.0, < 1.3.0	1.3.0

Affected products

Apache/Nifi7 versions
cpe:2.3:a:apache:nifi:*:*:*:*:*:*:*:*+ 6 more
- cpe:2.3:a:apache:nifi:*:*:*:*:*:*:*:*range: <=0.7.3
- cpe:2.3:a:apache:nifi:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:nifi:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:nifi:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:nifi:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:nifi:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:nifi:1.2.0:*:*:*:*:*:*:*
Apache Software Foundation/Apache NiFiv5
Range: 0.0.1 to 0.7.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/99009nvdThird Party AdvisoryVDB EntryWEB
github.com/advisories/GHSA-m5r7-w9v3-ghmxghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2017-7665ghsaADVISORY
lists.apache.org/thread.html/d779d6129de1a5aa149c219b2fc6e9e78156614eaac92a89cbaf9bce@%3Cdev.nifi.apache.org%3EghsaWEB
lists.apache.org/thread.html/d779d6129de1a5aa149c219b2fc6e9e78156614eaac92a89cbaf9bce%40%3Cdev.nifi.apache.org%3Envd

News mentions

No linked articles in our index yet.

cvss	0.397
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000