GHSA-3xmp-jwrr-8f4r, CVE-2023-24279
maven/org.onosproject/onos-archetypes
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
A cross-site scripting (XSS) vulnerability in Open Networking Foundation ONOS from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter of the API documentation dashboard.
All versions starting from 1.9.0 up to 2.7.0
Unfortunately, there is no solution available yet.
2023-05-25
source |