CVE-2017-18635 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2017-18635 Interim 1 13 2022-11-09T02:13:11Z current 2021-05-30T14:05:49Z 2022-11-09T02:13:11Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2017-18635 An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages propagated to the status field, such as the VNC server name. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings HPE Helion OpenStack 8 HPE Helion OpenStack Cloud 8 SUSE Linux Enterprise Module for Basesystem 15 SP1 SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise Module for Basesystem 15 SP1 SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise Module for Basesystem 15 SP1 SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise Module for Basesystem 15 SP1 SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise Module for Basesystem 15 SP1 SUSE Linux Enterprise Module for Basesystem 15 SP1 SUSE Linux Enterprise Module for Basesystem 15 SP1 SUSE Linux Enterprise Module for Basesystem 15 SP1 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 novnc novnc as a component of HPE Helion OpenStack 8 novnc as a component of HPE Helion OpenStack Cloud 8 novnc as a component of SUSE Linux Enterprise Module for Basesystem 15 novnc as a component of SUSE Linux Enterprise Module for Basesystem 15 SP1 novnc as a component of SUSE OpenStack Cloud 7 novnc as a component of SUSE OpenStack Cloud 8 novnc as a component of SUSE OpenStack Cloud 9 novnc as a component of SUSE OpenStack Cloud Crowbar 8 novnc as a component of SUSE OpenStack Cloud Crowbar 9 An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages propagated to the status field, such as the VNC server name. CVE-2017-18635 HPE Helion OpenStack 8:novnc HPE Helion OpenStack Cloud 8:novnc SUSE Linux Enterprise Module for Basesystem 15 SP1:novnc SUSE Linux Enterprise Module for Basesystem 15:novnc SUSE OpenStack Cloud 7:novnc SUSE OpenStack Cloud 8:novnc SUSE OpenStack Cloud 9:novnc SUSE OpenStack Cloud Crowbar 8:novnc SUSE OpenStack Cloud Crowbar 9:novnc moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N 5.4 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:L