An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages propagated to the status field, such as the VNC server name.
Metrics
Affected Vendors & Products
Advisories
Source | ID | Title |
---|---|---|
![]() |
DLA-1946-1 | novnc security update |
![]() |
DLA-2854-1 | novnc security update |
![]() |
EUVD-2020-0588 | An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages propagated to the status field, such as the VNC server name. |
![]() |
GHSA-49rv-g7w5-m8xx | Cross-Site Scripting in @novnc/novnc |
![]() |
USN-4522-1 | noVNC vulnerability |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
No history.

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-05T21:28:55.736Z
Reserved: 2019-09-25T00:00:00
Link: CVE-2017-18635

No data.

Status : Modified
Published: 2019-09-25T23:15:09.937
Modified: 2024-11-21T03:20:32.157
Link: CVE-2017-18635


No data.