CVE-2017-18635
Description
An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages propagated to the status field, such as the VNC server name.
Risk Information
Base Score
6.1
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
7.253
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| HTML5 VNC client - daemon and programs (USN-4522-1) novnc_0.4+dfsg+1+20131010+gitf68af8af3d-4_all.deb | Linux |
| HTML5 VNC client - daemon and programs (USN-4522-1) novnc_0.4+dfsg+1+20131010+gitf68af8af3d-4+deb8u1build0.16.04.1_all.deb | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234