Skip to main content

Onos CVE-2023-24279

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2023-03-14 cve@mitre.org
6.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Mar 14, 2023 - 01:15 nvd
MEDIUM 6.1

DescriptionNVD

A cross-site scripting (XSS) vulnerability in Open Networking Foundation ONOS from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter of the API documentation dashboard.

AnalysisAI

A cross-site scripting (XSS) vulnerability in Open Networking Foundation ONOS from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. A cross-site scripting (XSS) vulnerability in Open Networking Foundation ONOS from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter of the API documentation dashboard. Affected products include: Opennetworking Onos.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

More in Onos

View all
CVE-2018-1000616 CRITICAL POC
9.8 Jul 09

ONOS ONOS controller version 1.13.1 and earlier contains a XML External Entity (XXE) vulnerability in onos\drivers\utili

CVE-2018-1000614 CRITICAL POC
9.8 Jul 09

ONOS ONOS Controller version 1.13.1 and earlier contains a XML External Entity (XXE) vulnerability in. Rated critical se

CVE-2025-29312 CRITICAL POC
9.1 Mar 24

An issue in onos v2.7.0 allows attackers to trigger unexpected behavior within a device connected to a legacy switch via

CVE-2018-1000615 HIGH POC
7.5 Jul 09

ONOS ONOS Controller version 1.13.1 and earlier contains a Denial of Service (Service crash) vulnerability in OVSDB comp

CVE-2017-1000081 CRITICAL
9.8 Jul 17

Linux foundation ONOS 1.9.0 is vulnerable to unauthenticated upload of applications (.oar) resulting in remote code exec

CVE-2023-30093 MEDIUM POC
6.1 May 04

A cross-site scripting (XSS) vulnerability in Open Networking Foundation ONOS from version v1.9.0 to v2.7.0 allows attac

CVE-2023-41591 CRITICAL
9.8 May 29

An issue in Open Network Foundation ONOS v2.7.0 allows attackers to create fake IP/MAC addresses and potentially execute

CVE-2019-13624 CRITICAL
9.8 Jul 17

In ONOS 1.15.0, apps/yang/web/src/main/java/org/onosproject/yang/web/YangWebResource.java mishandles backquote character

CVE-2018-1999020 MEDIUM POC
5.5 Jul 23

Open Networking Foundation (ONF) ONOS version 1.13.2 and earlier version contains a Directory Traversal vulnerability in

CVE-2015-7516 HIGH
7.5 Aug 24

ONOS before 1.5.0 when using the ifwd app allows remote attackers to cause a denial of service (NULL pointer dereference

CVE-2017-1000079 HIGH
7.5 Jul 17

Linux foundation ONOS 1.9.0 is vulnerable to a DoS. Rated high severity (CVSS 7.5), this vulnerability is remotely explo

CVE-2017-13763 HIGH
7.5 Aug 30

ONOS versions 1.8.0, 1.9.0, and 1.10.0 do not restrict the amount of memory allocated. Rated high severity (CVSS 7.5), t

Share

CVE-2023-24279 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy