Описание
ONOS vulnerable to Cross-site Scripting
A cross-site scripting (XSS) vulnerability in Open Network Operating System (ONOS) from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the authorizationURL parameter of the API documentation dashboard under securityDefinitions > OAuth2 > authorizationURL.
Пакеты
Наименование
org.onosproject:onos-archetypes
maven
Затронутые версииВерсия исправления
>= 1.9.0, <= 2.7.0
Отсутствует
Связанные уязвимости
CVSS3: 6.1
nvd
почти 3 года назад
A cross-site scripting (XSS) vulnerability in Open Networking Foundation ONOS from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter of the API documentation dashboard.