CVE-2017-18635
PUBLISHED
An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages propagated to the status field, such as the VNC server name.
Risk Scores
EPSS Score: 6.49% (91.3th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | novnc | 1:0.4+dfsg+1+20131010+gitf68af8af3d-6, 1:0.4+dfsg+1+20131010+gitf68af8af3d-7, 0 |
| Ubuntu:16.04:LTS | novnc | 1:0.4+dfsg+1+20131010+gitf68af8af3d-4, 0 |
Exploit Intelligence
- PoC for CVE-2017-18635 (github-poc-repo), listed 7 times
- ossf-cve-benchmark/CVE-2017-18635 (github-poc-repo), listed 3 times
…and 11 more exploits
Timeline
- Sep 25, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Nov 8, 2023 CVE Updated
- Mar 19, 2025 EPSS Score
- Mar 27, 2025 EPSS Score
- Mar 28, 2025 EPSS Score
- Mar 30, 2025 EPSS Score
- Apr 18, 2025 EPSS Score
- May 30, 2025 EPSS Score
- Jun 1, 2025 EPSS Score
References
- https://ubuntu.com/security/CVE-2017-18635 third-party-advisory
- https://bugs.launchpad.net/horizon/+bug/1656435 third-party-advisory
- https://github.com/novnc/noVNC/commit/6048299a138e078aed210f163111698c8c526a13#diff-286f7dc7b881e942e97cd50c10898f03L534 third-party-advisory
- https://github.com/novnc/noVNC/issues/748 third-party-advisory
- https://github.com/novnc/noVNC/releases/tag/v0.6.2 third-party-advisory
- https://ubuntu.com/security/notices/USN-4522-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2017-18635 third-party-advisory