Patrick White

#42772 of 53,633
6.1 Total CVSS
Vulnerabilities · 1
PT-2018-13944
6.1
2018-12-19
Apache · Apache Nifi · CVE-2018-17193
**Name of the Vulnerable Software and Affected Versions**

Apache NiFi versions prior to 1.8.0

**Description**

The issue arises from the unsanitized use of the HTTP request header X-ProxyContextPath in the message-page.jsp error page, leading to a reflected XSS attack.

**Recommendations**

For versions prior to 1.8.0, upgrade to Apache NiFi 1.8.0 or a later version to apply the fix that correctly parses and sanitizes the request attribute value.