VDB

GCVE-110-MAGEIA-2020-374

GCVE-110-MAGEIA-2020-374
Advisory Published
Vulnetix · Advisory published September 27, 2020
An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages propagated to the status field, such as the VNC server name. (CVE-2017-18635)

Affected Products

VendorProductVersionsPlatforms
Mageianovnc0 (affected), 0.5.1-2.1.mga7 (unaffected)

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›