Bug 1152255 - (CVE-2017-18635) VUL-0: CVE-2017-18635: novnc: XSS vulnerability via malicious VNC server which could inject arbitrary HTML into the noVNC web page
(CVE-2017-18635)
VUL-0: CVE-2017-18635: novnc: XSS vulnerability via malicious VNC server whic...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/243315/
CVSSv3:SUSE:CVE-2017-18635:5.4:(AV:N/...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2019-09-27 09:18 UTC by Alexander Bergmann
Modified: 2020-10-21 09:23 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Keith Berger 2020-06-02 15:01:17 UTC
This does not apply to SOC 9/8/7 as they are all using version 1.0 or newer

https://build.suse.de/package/show/Devel:Cloud:9/novnc
https://build.suse.de/package/show/Devel:Cloud:8/novnc
https://build.suse.de/package/show/Devel:Cloud:7/novnc

Security, please verify and close.
Comment 2 Marcus Meissner 2020-06-19 09:38:31 UTC
confirmed, closing