Description

An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages propagated to the status field, such as the VNC server name.

Remediation

References

https://github.com/novnc/noVNC/releases/tag/v0.6.2

https://github.com/novnc/noVNC/issues/748

https://bugs.launchpad.net/horizon/+bug/1656435

https://github.com/novnc/noVNC/commit/6048299a138e078aed210f163111698c8c526a13#diff-286f7dc7b881e942e97cd50c10898f03L534

https://lists.debian.org/debian-lts-announce/2019/10/msg00004.html

https://www.shielder.it/blog/exploiting-an-old-novnc-xss-cve-2017-18635-in-openstack/

https://github.com/ShielderSec/cve-2017-18635

https://access.redhat.com/errata/RHSA-2020:0754

https://usn.ubuntu.com/4522-1/

https://lists.debian.org/debian-lts-announce/2021/12/msg00024.html

Related Vulnerabilities

CVE-2022-23458 Vulnerability in maven package org.webjars.npm:tui-grid

CVE-2020-8441 Vulnerability in maven package org.jyaml:jyaml

CVE-2022-25760 Vulnerability in npm package accesslog

CVE-2019-19771 Vulnerability in npm package wallet-address-validtaor

CVE-2023-37895 Vulnerability in maven package org.apache.jackrabbit:jackrabbit-standalone-components

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Release Notes Third Party Advisory Patch Issue Tracking Mailing List Exploit