Описание
ONOS vulnerable to reflected cross-site scripting
A cross-site scripting (XSS) vulnerability in Open Network Operating System (ONOS) from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL parameter of the API documentation dashboard under info > contact > URL.
Пакеты
Наименование
org.onosproject:onos-archetypes
maven
Затронутые версииВерсия исправления
>= 1.9.0, <= 2.7.0
Отсутствует
Связанные уязвимости
CVSS3: 6.1
nvd
почти 3 года назад
A cross-site scripting (XSS) vulnerability in Open Networking Foundation ONOS from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter of the API documentation dashboard.