Mageia 7: MGASA-2020-0374 Moderate: noVNC HTML Injection

mageia

September 27, 2020

An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages propagated to the stat...

Summary

An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages propagated to the status field, such as the VNC server name. (CVE-2017-18635)

References

- https://bugs.mageia.org/show_bug.cgi?id=27306

- https://ubuntu.com/security/notices/USN-4522-1

- https://www.cve.org/CVERecord?id=CVE-2017-18635

Topics Covered

security advisory XSS remote access html injection novnc mageia

Resolution

SRPMS

- 7/core/novnc-0.5.1-2.1.mga7

Publication date: 27 Sep 2020

URL: https://advisories.mageia.org/MGASA-2020-0374.html

Type: security

CVE: CVE-2017-18635

Topics Covered

security advisory XSS remote access html injection novnc mageia

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Mageia 7: MGASA-2020-0374 Moderate: noVNC HTML Injection

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Mageia 7: MGASA-2020-0374 Moderate: noVNC HTML Injection

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Related Articles

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!