CVE-2023-30093: 
Java vulnerability analysis and mitigation

A cross-site scripting (XSS) vulnerability exists in Open Networking Foundation ONOS versions v1.9.0 to v2.7.0. The vulnerability allows attackers to execute arbitrary web scripts or HTML through a crafted payload injected into the url parameter of the API documentation dashboard (NVD, CVE).

The vulnerability has been assigned CVE-2023-30093 with a CVSS v3.1 Base Score of 6.1 (MEDIUM). The CVSS vector string is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, indicating that the vulnerability is network accessible, requires low attack complexity, needs no privileges, requires user interaction, has changed scope, and can impact both confidentiality and integrity at a low level with no impact on availability (NVD).

When successfully exploited, this vulnerability allows attackers to execute arbitrary web scripts or HTML in the context of the API documentation dashboard. This could potentially lead to theft of sensitive information, manipulation of content, or other malicious actions within the scope of the user's browser session (NVD).

Users should upgrade to a version newer than ONOS v2.7.0 if available, or implement appropriate input validation and output encoding mechanisms to prevent XSS attacks (NVD).