onos-api is vulnerable to Cross Site Scripting. The vulnerability exists due to the vulnerable swagger dependency used in the library since it does not properly sanitize the authorizationUrl
, which allows an attacker to execute arbitrary code when uploading a crafted YAML file.