Description

An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages propagated to the status field, such as the VNC server name.

Remediation

References

https://access.redhat.com/errata/RHSA-2020:0754

https://bugs.launchpad.net/horizon/+bug/1656435

https://github.com/novnc/noVNC/commit/6048299a138e078aed210f163111698c8c526a13#diff-286f7dc7b881e942e97cd50c10898f03L534

https://github.com/novnc/noVNC/issues/748

https://github.com/novnc/noVNC/releases/tag/v0.6.2

https://github.com/ShielderSec/cve-2017-18635

https://lists.debian.org/debian-lts-announce/2019/10/msg00004.html

https://lists.debian.org/debian-lts-announce/2021/12/msg00024.html

https://usn.ubuntu.com/4522-1/

https://www.shielder.it/blog/exploiting-an-old-novnc-xss-cve-2017-18635-in-openstack/

Related Vulnerabilities

CVE-2017-16035 Vulnerability in npm package hubl-server

CVE-2023-31581 Vulnerability in maven package com.usthe.sureness:sureness-core

CVE-2019-1003026 Vulnerability in maven package org.jenkins-ci.plugins:mattermost

CVE-2021-32854 Vulnerability in maven package org.webjars:textangular

CVE-2017-7669 Vulnerability in maven package org.apache.hadoop:hadoop-yarn-server-nodemanager

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Third Party Advisory Issue Tracking Patch Release Notes Mailing List Exploit