CVE-2023-30093

A cross-site scripting (XSS) vulnerability in Open Networking Foundation ONOS from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter of the API documentation dashboard.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:onosproject:onos:*:*:*:*:*:*:*:*

History

12 May 2023, 14:04

Type Values Removed Values Added
CPE cpe:2.3:a:onosproject:onos:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.1
CWE CWE-79
References (MISC) https://www.edoardoottavianelli.it/CVE-2023-30093/ - (MISC) https://www.edoardoottavianelli.it/CVE-2023-30093/ - Exploit, Third Party Advisory
References (MISC) https://www.youtube.com/watch?v=jZr2JhDd_S8 - (MISC) https://www.youtube.com/watch?v=jZr2JhDd_S8 - Exploit

11 May 2023, 16:15

Type Values Removed Values Added
Summary An arbitrary file upload vulnerability in Open Networking Foundation ONOS from version 1.9.0 until 2.7.0 allows attackers to execute arbitrary code via uploading a crafted YAML file. A cross-site scripting (XSS) vulnerability in Open Networking Foundation ONOS from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter of the API documentation dashboard.

10 May 2023, 14:15

Type Values Removed Values Added
References
  • (MISC) https://www.youtube.com/watch?v=jZr2JhDd_S8 -

04 May 2023, 22:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-05-04 22:15

Updated : 2024-02-04 23:37


NVD link : CVE-2023-30093

Mitre link : CVE-2023-30093

CVE.ORG link : CVE-2023-30093


JSON object : View

Products Affected

onosproject

  • onos
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')