CVE-2017-18635

🗓️ 25 Sep 2019 22:59:16Reported by mitreType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 167 Views

An XSS vulnerability in noVNC before 0.6.2 allows remote VNC server to inject arbitrary HTML into web page

Reporter	Title	Published	Views	Family All 42
IBM Security Bulletins	Security Bulletin: PowerVC is impacted by an XSS vulnerability discovered in noVNC (CVE-2017-18635)	12 Mar 202004:10	–	ibm
Circl	CVE-2017-18635	22 Oct 201911:28	–	circl
CNVD	noVNC Cross-Site Scripting Vulnerability	11 Oct 201900:00	–	cnvd
Cvelist	CVE-2017-18635	25 Sep 201922:59	–	cvelist
Debian	[SECURITY] [DLA 1946-1] novnc security update	5 Oct 201914:40	–	debian
Debian	[SECURITY] [DLA 2854-1] novnc security update	28 Dec 202110:47	–	debian
Debian CVE	CVE-2017-18635	25 Sep 201922:59	–	debiancve
Tenable Nessus	Debian DLA-1946-1 : novnc security update	7 Oct 201900:00	–	nessus
Tenable Nessus	Debian DLA-2854-1 : novnc - LTS security update	28 Dec 202100:00	–	nessus
Tenable Nessus	RHEL 7 : novnc (RHSA-2020:0754)	23 Jan 202300:00	–	nessus

NVD

Node

novnc novncRange<0.6.2

Node

Node

Node

Source	Link
github	www.github.com/ShielderSec/cve-2017-18635
lists	www.lists.debian.org/debian-lts-announce/2021/12/msg00024.html
github	www.github.com/novnc/noVNC/commit/6048299a138e078aed210f163111698c8c526a13
github	www.github.com/novnc/noVNC/releases/tag/v0.6.2
shielder	www.shielder.it/blog/exploiting-an-old-novnc-xss-cve-2017-18635-in-openstack/
bugs	www.bugs.launchpad.net/horizon/+bug/1656435
usn	www.usn.ubuntu.com/4522-1/
access	www.access.redhat.com/errata/RHSA-2020:0754
lists	www.lists.debian.org/debian-lts-announce/2019/10/msg00004.html
github	www.github.com/novnc/noVNC/issues/748

21 Nov 2024 03:20Current

5.8Medium risk

Vulners AI Score5.8

CVSS 24.3

CVSS 3.16.1

EPSS0.06495