ONOS versions 1.8.0, 1.9.0, and 1.10.0 are vulnerable to XSS.
onosproject onos 1.9.0
onosproject onos 1.10.0
onosproject onos 1.8.0