An XSS vulnerability exists in noVNC prior to 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages propagated to the status field, such as the VNC server name.
Vulnerable Product |
---|
novnc novnc |
debian debian linux 8.0 |
debian debian linux 9.0 |
canonical ubuntu linux 16.04 |
redhat openstack 13 |