Description

An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages propagated to the status field, such as the VNC server name.

Remediation

References

https://access.redhat.com/errata/RHSA-2020:0754

https://bugs.launchpad.net/horizon/+bug/1656435

https://github.com/novnc/noVNC/commit/6048299a138e078aed210f163111698c8c526a13#diff-286f7dc7b881e942e97cd50c10898f03L534

https://github.com/novnc/noVNC/issues/748

https://github.com/novnc/noVNC/releases/tag/v0.6.2

https://github.com/ShielderSec/cve-2017-18635

https://lists.debian.org/debian-lts-announce/2019/10/msg00004.html

https://lists.debian.org/debian-lts-announce/2021/12/msg00024.html

https://usn.ubuntu.com/4522-1/

https://www.shielder.it/blog/exploiting-an-old-novnc-xss-cve-2017-18635-in-openstack/

Related Vulnerabilities

CVE-2020-7706 Vulnerability in npm package connie-lang

CVE-2022-38900 Vulnerability in maven package org.webjars.bowergithub.samverschueren:decode-uri-component

CVE-2022-36903 Vulnerability in maven package org.jenkins-ci.plugins:repository-connector

CVE-2018-1000665 Vulnerability in maven package org.webjars.bowergithub.dojo:dojo

CVE-2021-40111 Vulnerability in maven package org.apache.james:james-server

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Third Party Advisory Issue Tracking Patch Release Notes Mailing List Exploit