Opennetworking: >> Onos >> 2.5.1 Security Vulnerabilities
An issue was discovered in ONOS 2.5.1. To attack an intent installed by a normal user, a remote attacker can install a duplicate intent with a different key, and then remove the duplicate one. This will remove the flow rules of the intent, even though the intent still exists in the controller.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-04-20
A cross-site scripting (XSS) vulnerability in Open Networking Foundation ONOS from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter of the API documentation dashboard.
CVSS Score
6.1
EPSS Score
0.002
Published
2023-03-14
Page 2