Description

An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages propagated to the status field, such as the VNC server name.

Remediation

References

https://access.redhat.com/errata/RHSA-2020:0754

https://bugs.launchpad.net/horizon/+bug/1656435

https://github.com/novnc/noVNC/commit/6048299a138e078aed210f163111698c8c526a13#diff-286f7dc7b881e942e97cd50c10898f03L534

https://github.com/novnc/noVNC/issues/748

https://github.com/novnc/noVNC/releases/tag/v0.6.2

https://github.com/ShielderSec/cve-2017-18635

https://lists.debian.org/debian-lts-announce/2019/10/msg00004.html

https://lists.debian.org/debian-lts-announce/2021/12/msg00024.html

https://usn.ubuntu.com/4522-1/

https://www.shielder.it/blog/exploiting-an-old-novnc-xss-cve-2017-18635-in-openstack/

Related Vulnerabilities

CVE-2017-2638 Vulnerability in maven package org.infinispan:infinispan-compatibility-mode-it

CVE-2022-23617 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore

CVE-2023-26488 Vulnerability in npm package @openzeppelin/contracts-upgradeable

CVE-2019-16775 Vulnerability in maven package org.webjars.npm:npm

CVE-2020-5497 Vulnerability in maven package org.mitre:openid-connect-server-webapp

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Third Party Advisory Issue Tracking Patch Release Notes Mailing List Exploit