CVE-2023-24279

Name of the Vulnerable Software and Affected Versions Open Networking Foundation ONOS versions v1.9.0 through v2.7.0

Description A cross-site scripting (XSS) vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter of the API documentation dashboard. This can occur under the info > contact > URL section.

Recommendations For Open Networking Foundation ONOS versions v1.9.0 through v2.7.0, consider disabling access to the API documentation dashboard until a patch is available. Restrict the use of the url parameter in the API documentation dashboard to minimize the risk of exploitation.