CVE-2017-18635

NameCVE-2017-18635
DescriptionAn XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages propagated to the status field, such as the VNC server name.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-1946-1
NVD severitymedium (attack range: remote)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
novnc (PTS)jessie1:0.4+dfsg+1+20131010+gitf68af8af3d-4vulnerable
jessie (security)1:0.4+dfsg+1+20131010+gitf68af8af3d-4+deb8u1fixed
stretch1:0.4+dfsg+1+20131010+gitf68af8af3d-6vulnerable
buster1:1.0.0-1fixed
bullseye, sid1:1.0.0-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
novncsource(unstable)1:1.0.0-1medium
novncsourcejessie1:0.4+dfsg+1+20131010+gitf68af8af3d-4+deb8u1mediumDLA-1946-1

Notes

https://bugs.launchpad.net/horizon/+bug/1656435
https://github.com/novnc/noVNC/commit/6048299a138e078aed210f163111698c8c526a13#diff-286f7dc7b881e942e97cd50c10898f03L534
https://github.com/novnc/noVNC/issues/748

Search for package or bug name: Reporting problems