CVE-2017-18635

MEDIUM

noVNC <0.6.2 - XSS

Description

An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages propagated to the status field, such as the VNC server name.

Exploits (1)

nomisec WORKING POC 5 stars
by ShielderSec · poc
https://github.com/ShielderSec/CVE-2017-18635

Scores

CVSS v3 6.1
EPSS 0.0831
EPSS Percentile 92.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (6)
canonical/ubuntu_linux 16.04
debian/debian_linux 8.0
debian/debian_linux 9.0
novnc/novnc < 0.6.2
novnc/novnc 0 - 0.6.2 (npm)
redhat/openstack 13
Published Sep 25, 2019
Tracked Since Feb 18, 2026