VDB
DEBIAN-CVE-2017-18635
DEBIAN-CVE-2017-18635
PUBLISHED
CVSS 6.099999904632568 MEDIUM
An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages propagated to the status field, such as the VNC server name.
Risk Scores
CVSS v3.1
6.099999904632568
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | novnc | 0, 0, 0 |
| Debian:11 | novnc | 0, 0, 0 |
| Debian:14 | novnc | 0, 0, 0 |
| Debian:13 | novnc | 0, 0, 0 |
Timeline
- Sep 25, 2019 CVE Published
- Apr 28, 2026 CVE Updated