
Dan Fike

#43821 of 53,639
6.1 total CVSS
Vulnerabilities · 1
PT-2018-13944
6.1
2018-12-19
Apache · Apache Nifi · CVE-2018-17193
**Name of the Vulnerable Software and Affected Versions**
Apache NiFi versions prior to 1.8.0

**Description**
The issue arises from the unsanitized use of the HTTP request header X-ProxyContextPath in the message-page.jsp error page, leading to a reflected XSS attack.

**Recommendations**
For versions prior to 1.8.0, upgrade to Apache NiFi 1.8.0 or a later version to apply the fix that correctly parses and sanitizes the request attribute value.