Description

An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages propagated to the status field, such as the VNC server name.

Remediation

References

https://access.redhat.com/errata/RHSA-2020:0754

https://bugs.launchpad.net/horizon/+bug/1656435

https://github.com/novnc/noVNC/commit/6048299a138e078aed210f163111698c8c526a13#diff-286f7dc7b881e942e97cd50c10898f03L534

https://github.com/novnc/noVNC/issues/748

https://github.com/novnc/noVNC/releases/tag/v0.6.2

https://github.com/ShielderSec/cve-2017-18635

https://lists.debian.org/debian-lts-announce/2019/10/msg00004.html

https://lists.debian.org/debian-lts-announce/2021/12/msg00024.html

https://usn.ubuntu.com/4522-1/

https://www.shielder.it/blog/exploiting-an-old-novnc-xss-cve-2017-18635-in-openstack/

Related Vulnerabilities

CVE-2022-1466 Vulnerability in maven package org.keycloak:keycloak-core

CVE-2023-26127 Vulnerability in npm package n158

CVE-2019-14862 Vulnerability in maven package org.webjars:knockout

CVE-2021-21380 Vulnerability in maven package org.xwiki.platform:xwiki-platform-ratings-api

CVE-2020-2279 Vulnerability in maven package org.jenkins-ci.plugins:script-security

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Third Party Advisory Issue Tracking Patch Release Notes Mailing List Exploit