GHSA-3xmp-jwrr-8f4r

Source

https://github.com/advisories/GHSA-3xmp-jwrr-8f4r

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/03/GHSA-3xmp-jwrr-8f4r/GHSA-3xmp-jwrr-8f4r.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-3xmp-jwrr-8f4r

Aliases

CVE-2023-24279

Published

2023-03-14T03:30:18Z

Modified

2024-02-21T05:59:08.821919Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

ONOS vulnerable to reflected cross-site scripting

Details

A cross-site scripting (XSS) vulnerability in Open Network Operating System (ONOS) from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL parameter of the API documentation dashboard under info > contact > URL.

Database specific

{
    "nvd_published_at": "2023-03-14T01:15:00Z",
    "severity": "MODERATE",
    "github_reviewed_at": "2023-05-24T15:21:40Z",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-79"
    ]
}

References

Affected packages

Maven / org.onosproject:onos-archetypes

Package

Name: org.onosproject:onos-archetypes; View open source insights on deps.dev
Purl: pkg:maven/org.onosproject/onos-archetypes

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.9.0

Last affected

2.7.0

Affected versions

1.*

1.9.0

1.9.0-test1

1.9.1

1.9.2

1.10.0-rc1

1.10.0-rc2

1.10.0-rc3

1.10.0-rc4

1.10.0-rc5

1.10.0

1.10.1

1.10.2

1.10.3

1.10.4

1.10.5

1.10.6

1.10.7

1.10.8

1.10.9

1.10.10

1.10.11

1.10.12

1.11.0-b2

1.11.0-b3

1.11.0-b4

1.11.0-rc4

1.11.0-rc5

1.11.0-rc6

1.11.0

1.11.1-rc1

1.11.1

1.11.2-rc1

1.11.2-rc3

1.11.2-rc4

1.11.2-rc5

1.11.2-rc6

1.11.2

1.12.0-b1

1.12.0-b2

1.12.0-rc1

1.12.0-rc2

1.12.0-rc3

1.12.0

1.12.1-rc1

1.12.1-rc2

1.12.1-rc6

1.12.1-rc7

1.12.1

1.12.2-rc2

1.13.0-b5

1.13.0-b6

1.13.0-b8

1.13.0

1.13.1

1.13.2-rc1

1.13.2-rc2

1.13.2-rc3

1.13.2

1.13.3

1.13.4

1.13.5

1.13.6

1.13.7

1.13.8

1.13.9-rc1

1.13.9-rc2

1.13.9-rc3

1.13.9-rc4

1.13.9

1.13.10-rc1

1.13.10-rc2

1.13.10

1.14.0-rc1

1.14.0-rc2

1.14.0-rc3

1.14.0-rc4

1.14.0-rc5

1.14.0-rc6

1.14.0

1.14.1

1.15.0-rc1

1.15.0-rc2

1.15.0

2.*

2.0.0-b1

2.0.0-rc1

2.0.0-rc2

2.0.0

2.1.0-rc1

2.1.0-rc2

2.1.0-rc3

2.1.0-rc6

2.1.0-rc7

2.1.0

2.2.1-b2

2.2.2-rc6

2.2.2

2.2.3-b1

2.2.3-b2

2.2.3-rc1

2.2.3

2.2.4-b2

2.2.4-b3

2.2.4

2.2.5-rc1

2.2.5

2.2.6-b1

2.2.6-b2

2.2.6-rc1

2.2.6

2.2.7-b2

2.2.7-b3

2.2.7-b4

2.2.7

2.2.8-b2

2.2.8-b3

2.2.8

2.4.0-rc1

2.4.0-rc2

2.4.0

2.5.0-rc2

2.5.0

2.5.1-rc1

2.5.1

2.5.2-b1

2.5.2-b2

2.5.2

2.5.3

2.5.4

2.5.5-rc1

2.5.5

2.5.6

2.5.7-rc1

2.5.7-rc2

2.5.7-rc3

2.5.9

2.6.0-rc3

2.6.0-rc4

2.6.0-rc5

2.6.0

2.7.0-rc1

2.7.0