A cross-site scripting (XSS) vulnerability in Open Network Operating System (ONOS) from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the authorizationURL parameter of the API documentation dashboard under securityDefinitions > OAuth2 > authorizationURL.
{ "nvd_published_at": "2023-05-04T22:15:09Z", "cwe_ids": [ "CWE-79" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2023-05-24T15:10:38Z" }