GHSA-q63q-hwf6-3mw6

Source
https://github.com/advisories/GHSA-q63q-hwf6-3mw6
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/05/GHSA-q63q-hwf6-3mw6/GHSA-q63q-hwf6-3mw6.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-q63q-hwf6-3mw6
Aliases
Published
2023-05-05T00:30:19Z
Modified
2024-02-21T05:36:45.607949Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
ONOS vulnerable to Cross-site Scripting
Details

A cross-site scripting (XSS) vulnerability in Open Network Operating System (ONOS) from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the authorizationURL parameter of the API documentation dashboard under securityDefinitions > OAuth2 > authorizationURL.

Database specific
{
    "nvd_published_at": "2023-05-04T22:15:09Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2023-05-24T15:10:38Z"
}
References

Affected packages

Maven / org.onosproject:onos-archetypes

Package

Name
org.onosproject:onos-archetypes
Purl
pkg:maven/org.onosproject/onos-archetypes

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.9.0
Last affected
2.7.0

Affected versions

1.*

1.9.0
1.9.0-test1
1.9.1
1.9.2
1.10.0-rc1
1.10.0-rc2
1.10.0-rc3
1.10.0-rc4
1.10.0-rc5
1.10.0
1.10.1
1.10.2
1.10.3
1.10.4
1.10.5
1.10.6
1.10.7
1.10.8
1.10.9
1.10.10
1.10.11
1.10.12
1.11.0-b2
1.11.0-b3
1.11.0-b4
1.11.0-rc4
1.11.0-rc5
1.11.0-rc6
1.11.0
1.11.1-rc1
1.11.1
1.11.2-rc1
1.11.2-rc3
1.11.2-rc4
1.11.2-rc5
1.11.2-rc6
1.11.2
1.12.0-b1
1.12.0-b2
1.12.0-rc1
1.12.0-rc2
1.12.0-rc3
1.12.0
1.12.1-rc1
1.12.1-rc2
1.12.1-rc6
1.12.1-rc7
1.12.1
1.12.2-rc2
1.13.0-b5
1.13.0-b6
1.13.0-b8
1.13.0
1.13.1
1.13.2-rc1
1.13.2-rc2
1.13.2-rc3
1.13.2
1.13.3
1.13.4
1.13.5
1.13.6
1.13.7
1.13.8
1.13.9-rc1
1.13.9-rc2
1.13.9-rc3
1.13.9-rc4
1.13.9
1.13.10-rc1
1.13.10-rc2
1.13.10
1.14.0-rc1
1.14.0-rc2
1.14.0-rc3
1.14.0-rc4
1.14.0-rc5
1.14.0-rc6
1.14.0
1.14.1
1.15.0-rc1
1.15.0-rc2
1.15.0

2.*

2.0.0-b1
2.0.0-rc1
2.0.0-rc2
2.0.0
2.1.0-rc1
2.1.0-rc2
2.1.0-rc3
2.1.0-rc6
2.1.0-rc7
2.1.0
2.2.1-b2
2.2.2-rc6
2.2.2
2.2.3-b1
2.2.3-b2
2.2.3-rc1
2.2.3
2.2.4-b2
2.2.4-b3
2.2.4
2.2.5-rc1
2.2.5
2.2.6-b1
2.2.6-b2
2.2.6-rc1
2.2.6
2.2.7-b2
2.2.7-b3
2.2.7-b4
2.2.7
2.2.8-b2
2.2.8-b3
2.2.8
2.4.0-rc1
2.4.0-rc2
2.4.0
2.5.0-rc2
2.5.0
2.5.1-rc1
2.5.1
2.5.2-b1
2.5.2-b2
2.5.2
2.5.3
2.5.4
2.5.5-rc1
2.5.5
2.5.6
2.5.7-rc1
2.5.7-rc2
2.5.7-rc3
2.5.9
2.6.0-rc3
2.6.0-rc4
2.6.0-rc5
2.6.0
2.7.0-rc1
2.7.0