CVE-2023-30093

描述

A cross-site scripting (XSS) vulnerability in Open Network Operating System (ONOS) from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the authorizationURL parameter of the API documentation dashboard under securityDefinitions > OAuth2 > authorizationURL.

受影響套件(1)

• Maven/org.onosproject:onos-archetypes>= 1.9.0, <= 2.7.0

CVSS 分數

參考連結(4)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2023-30093
• PATCHhttps://github.com/opennetworkinglab/onos
• WEBhttps://www.edoardoottavianelli.it/CVE-2023-30093
• WEBhttps://www.youtube.com/watch?v=jZr2JhDd_S8