Vulnerabilities > Onosproject > Onos > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-05-04 CVE-2023-30093 Cross-site Scripting vulnerability in Onosproject Onos
A cross-site scripting (XSS) vulnerability in Open Networking Foundation ONOS from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter of the API documentation dashboard.
network
low complexity
onosproject CWE-79
6.1
6.1
2018-07-05 CVE-2018-12691 Race Condition vulnerability in Onosproject Onos
Time-of-check to time-of-use (TOCTOU) race condition in org.onosproject.acl (aka the access control application) in ONOS v1.13 and earlier allows attackers to bypass network access control via data plane packet injection.
network
high complexity
onosproject CWE-362
6.8
6.8
2017-08-30 CVE-2017-13762 Cross-site Scripting vulnerability in Onosproject Onos 1.10.0/1.8.0/1.9.0
ONOS versions 1.8.0, 1.9.0, and 1.10.0 are vulnerable to XSS.
network
low complexity
onosproject CWE-79
6.1
6.1
2017-07-17 CVE-2017-1000078 Cross-site Scripting vulnerability in Onosproject Onos 1.8.0/1.9.0
Linux foundation ONOS 1.9 is vulnerable to XSS in the device.
network
low complexity
onosproject CWE-79
6.1
6.1