Lucene search

K
osvGoogleOSV:USN-4522-1
HistorySep 21, 2020 - 6:50 p.m.

novnc vulnerability

2020-09-2118:50:17
Google
osv.dev
2

6.7 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.0%

It was discovered that noVNC did not properly manage certain messages,
resulting in the remote VNC server injecting arbitrary HTML into the
noVNC web page. An attacker could use this issue to conduct cross-site
scripting (XSS) attacks. (CVE-2017-18635)