Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2017-18635

An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages propagated to the status field, such as the VNC server name.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.052
EPSS Ranking 89.4%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
Products affected by CVE-2017-18635
  • Novnc » Novnc » Version: N/A
    cpe:2.3:a:novnc:novnc:-
  • Novnc » Novnc » Version: 0.1
    cpe:2.3:a:novnc:novnc:0.1
  • Novnc » Novnc » Version: 0.2
    cpe:2.3:a:novnc:novnc:0.2
  • Novnc » Novnc » Version: 0.3
    cpe:2.3:a:novnc:novnc:0.3
  • Novnc » Novnc » Version: 0.4
    cpe:2.3:a:novnc:novnc:0.4
  • Novnc » Novnc » Version: 0.5
    cpe:2.3:a:novnc:novnc:0.5
  • Novnc » Novnc » Version: 0.5.1
    cpe:2.3:a:novnc:novnc:0.5.1
  • Novnc » Novnc » Version: 0.6.0
    cpe:2.3:a:novnc:novnc:0.6.0
  • Novnc » Novnc » Version: 0.6.1
    cpe:2.3:a:novnc:novnc:0.6.1
  • Redhat » Openstack » Version: 13
    cpe:2.3:a:redhat:openstack:13
  • Canonical » Ubuntu Linux » Version: 16.04
    cpe:2.3:o:canonical:ubuntu_linux:16.04
  • Debian » Debian Linux » Version: 8.0
    cpe:2.3:o:debian:debian_linux:8.0
  • Debian » Debian Linux » Version: 9.0
    cpe:2.3:o:debian:debian_linux:9.0


Products
Pricing
Contact Us

Shodan ® - All rights reserved