CVE-2017-18635

MEDIUM

noVNC < 0.6.2 - Cross-Site Scripting via VNC Server Status Field

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-18635. PoCs published by ShielderSec.

AI-analyzed exploit summary: This PoC exploits CVE-2017-18635, an XSS vulnerability in noVNC, by injecting malicious JavaScript via a crafted VNC server response. The script sets up a VNC server that sends an XSS payload in the server-name field to trigger the vulnerability.

Description

An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages propagated to the status field, such as the VNC server name.

Exploits (1)

Source: nomisec · Classification: WORKING POC · Rating: 5 stars
Author: ShielderSec · Type: poc
https://github.com/ShielderSec/CVE-2017-18635

Classification: Working PoC (95%)
Attack Type: XSS
Complexity: Moderate
Reliability: Reliable
Target: noVNC (versions affected by CVE-2017-18635)
Authentication: none needed
Prerequisites: Network access to the target VNC server · Target must be using a vulnerable version of noVNC
Analyzed by devstral-2 on Feb 16, 2026

References (10)

Patch, Third Party Advisory: https://github.com/novnc/noVNC/issues/748
Release Notes, Third Party Advisory: https://github.com/novnc/noVNC/releases/tag/v0.6.2
Issue Tracking, Third Party Advisory: https://bugs.launchpad.net/horizon/+bug/1656435
Mailing List, Third Party Advisory: https://lists.debian.org/debian-lts-announce/2019/10/msg00004.html
Third Party Advisory, Vendor Advisory (Red Hat): https://access.redhat.com/errata/RHSA-2020:0754
Third Party Advisory, Vendor Advisory (Ubuntu): https://usn.ubuntu.com/4522-1/
Mailing List, Third Party Advisory: https://lists.debian.org/debian-lts-announce/2021/12/msg00024.html

Scores

CVSS v3: 6.1
EPSS: 0.0649
EPSS Percentile: 91.3%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE: CWE-79
Status: published
Products (6):
- canonical/ubuntu_linux 16.04
- debian/debian_linux 8.0
- debian/debian_linux 9.0
- novnc/novnc < 0.6.2
- novnc/novnc 0 - 0.6.2 (npm)
- redhat/openstack 13
Published: Sep 25, 2019
Tracked Since: Feb 18, 2026