Lucene search
Redhat.comRH:CVE-2017-18635HistoryOct 25, 2019 - 4:51 p.m.
CVE-2017-18635
2019-10-2516:51:02
redhat.com
access.redhat.com
21
0.004 Low
EPSS
Percentile
72.1%
An XSS vulnerability was discovered in noVNC in which arbitrary HTML could be injected into the noVNC web page. An attacker having access to a VNC server could use target host values in a crafted URL to gain access to secure information (such as VM tokens).
Mitigation
There is no known mitigation for this issue, the flaw can only be resolved by applying updates.
Related
prion
prion
Cross site scripting
2019-09-25 23:15:00
openvas
openvas
Mageia: Security Advisory (MGASA-2020-0374)
2022-01-28 00:00:00
Ubuntu: Security Advisory (USN-4522-1)
2022-08-26 00:00:00
Debian: Security Advisory (DLA-1946-1)
2019-10-06 00:00:00
nvd
nvd
CVE-2017-18635
2019-09-25 23:15:09
ibm
ibm
redhat
redhat
(RHSA-2020:0754) Moderate: novnc security update
2020-03-10 09:38:48
osv
osv
novnc - security update
2019-10-05 00:00:00
CVE-2017-18635
2019-09-25 23:15:09
Cross-Site Scripting in @novnc/novnc
2020-08-28 21:24:59
cve
cve
CVE-2017-18635
2019-09-25 23:15:09
debian
debian
[SECURITY] [DLA 2854-1] novnc security update
2021-12-28 10:47:50
[SECURITY] [DLA 1946-1] novnc security update
2019-10-05 14:40:50
nodejs
nodejs
Cross-Site Scripting
2019-10-04 18:51:29
ubuntu
ubuntu
noVNC vulnerability
2020-09-21 00:00:00
ubuntucve
ubuntucve
CVE-2017-18635
2019-09-25 00:00:00
veracode
veracode
Cross-Site Scripting (XSS)
2019-10-01 02:34:40
cvelist
cvelist
CVE-2017-18635
2019-09-25 22:59:16
github
github
Cross-Site Scripting in @novnc/novnc
2020-08-28 21:24:59
nessus
nessus
Debian DLA-1946-1 : novnc security update
2019-10-07 00:00:00
Ubuntu 16.04 LTS : noVNC vulnerability (USN-4522-1)
2020-09-21 00:00:00
RHEL 7 : novnc (RHSA-2020:0754)
2023-01-23 00:00:00
mageia
mageia
Updated novnc package fixes a security vulnerability
2020-09-27 23:06:37
debiancve
debiancve
CVE-2017-18635
2019-09-25 23:15:09