CVE-2017-18635

Published September 25th, 2019

View on NVD ↗

CVSS v3

6.1

MEDIUM

CVSS v2

4.3

MEDIUM

Affected

PROJECTS

Description

An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages propagated to the status field, such as the VNC server name.

novnc/noVNC

VNC client web application

GitHub

13.7K

ShielderSec/CVE-2017-18635

PoC for CVE-2017-18635

GitHub