Lucene search
PRIOn knowledge basePRION:CVE-2017-18635HistorySep 25, 2019 - 11:15 p.m.
Cross site scripting
2019-09-2523:15:00
PRIOn knowledge base
www.prio-n.com
7
An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages propagated to the status field, such as the VNC server name.
| CPE | Name | Operator | Version |
|---|---|---|---|
| ubuntu_linux | eq | 16.04 | |
| debian_linux | eq | 8.0 | |
| debian_linux | eq | 9.0 | |
| novnc | lt | 0.6.2 | |
| openstack | eq | 13 |
References
access.redhat.com/errata/RHSA-2020:0754
bugs.launchpad.net/horizon/+bug/1656435
github.com/novnc/noVNC/commit/6048299a138e078aed210f163111698c8c526a13
github.com/novnc/noVNC/issues/748
github.com/novnc/noVNC/releases/tag/v0.6.2
github.com/ShielderSec/cve-2017-18635
lists.debian.org/debian-lts-announce/2019/10/msg00004.html
lists.debian.org/debian-lts-announce/2021/12/msg00024.html
usn.ubuntu.com/4522-1/
www.shielder.it/blog/exploiting-an-old-novnc-xss-cve-2017-18635-in-openstack/
Related
openvas
openvas
Mageia: Security Advisory (MGASA-2020-0374)
2022-01-28 00:00:00
Ubuntu: Security Advisory (USN-4522-1)
2022-08-26 00:00:00
Debian: Security Advisory (DLA-1946-1)
2019-10-06 00:00:00
nvd
nvd
CVE-2017-18635
2019-09-25 23:15:09
ibm
ibm
redhat
redhat
(RHSA-2020:0754) Moderate: novnc security update
2020-03-10 09:38:48
osv
osv
novnc - security update
2019-10-05 00:00:00
CVE-2017-18635
2019-09-25 23:15:09
Cross-Site Scripting in @novnc/novnc
2020-08-28 21:24:59
cve
cve
CVE-2017-18635
2019-09-25 23:15:09
debian
debian
[SECURITY] [DLA 2854-1] novnc security update
2021-12-28 10:47:50
[SECURITY] [DLA 1946-1] novnc security update
2019-10-05 14:40:50
nodejs
nodejs
Cross-Site Scripting
2019-10-04 18:51:29
ubuntu
ubuntu
noVNC vulnerability
2020-09-21 00:00:00
ubuntucve
ubuntucve
CVE-2017-18635
2019-09-25 00:00:00
veracode
veracode
Cross-Site Scripting (XSS)
2019-10-01 02:34:40
cvelist
cvelist
CVE-2017-18635
2019-09-25 22:59:16
redhatcve
redhatcve
CVE-2017-18635
2019-10-25 16:51:02
github
github
Cross-Site Scripting in @novnc/novnc
2020-08-28 21:24:59
nessus
nessus
Debian DLA-1946-1 : novnc security update
2019-10-07 00:00:00
Ubuntu 16.04 LTS : noVNC vulnerability (USN-4522-1)
2020-09-21 00:00:00
RHEL 7 : novnc (RHSA-2020:0754)
2023-01-23 00:00:00
mageia
mageia
Updated novnc package fixes a security vulnerability
2020-09-27 23:06:37
debiancve
debiancve
CVE-2017-18635
2019-09-25 23:15:09