CVE-2016-8748

medium

Published 2017-10-19 · Modified 2023-11-08

CVSS v3

5.4

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CVSS v2

3.5

VIR risk

5.4

Description

Cross-site Scripting in Apache NiFi

Exploit likelihood

64%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

vendor Authored 2026-05-27

Vendor advisory: security@apache.org — https://nifi.apache.org/security.html#CVE-2016-8748

Ecosystem	Package	Vulnerable	Fixed
Maven	org.apache.nifi:nifi	`<1.0.1`	`1.0.1`
Maven	org.apache.nifi:nifi	`>=1.1.0,<1.1.1`	`1.1.1`

Vendor	Product	Versions	Fixed
apache	nifi	`{"endIncluding":"1.0.0"}`
apache	nifi	`1.1.0`

CWE-79

Verify integrity in audit chain (admin only). AS-IS.