CVE-2023-30093

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in maven/org.onosproject/onos-archetypes

Identifiers

GHSA-q63q-hwf6-3mw6, CVE-2023-30093

Package Slug

maven/org.onosproject/onos-archetypes

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

A cross-site scripting (XSS) vulnerability in Open Networking Foundation ONOS from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter of the API documentation dashboard.

Affected Versions

All versions starting from 1.9.0 up to 2.7.0

Solution

Unfortunately, there is no solution available yet.

Last Modified

2023-05-25

source