CVE-2017-18635

Priority
Description
An XSS vulnerability was discovered in noVNC before 0.6.2 in which the
remote VNC server could inject arbitrary HTML into the noVNC web page via
the messages propagated to the status field, such as the VNC server name.
Notes
Package
Source: novnc (LP Ubuntu Debian)
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): released (1:0.4+dfsg+1+20131010+gitf68af8af3d-4+deb8u1build0.16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver): needed
Ubuntu 20.04 LTS (Focal Fossa): not-affected (code not present)
Ubuntu 20.10 (Groovy Gorilla): not-affected (code not present)
More Information

Updated: 2020-09-21 20:15:03 UTC (commit 0cf0a20f014b2ca2b7eacd26325ffc59ad2233eb)