USN-4522-1: noVNC vulnerability

  • Thread starter Ubuntu security notices
  • Start date
U

Ubuntu security notices

Guest
It was discovered that noVNC did not properly manage certain messages, resulting in the remote VNC server injecting arbitrary HTML into the noVNC web page. An attacker could use this issue to conduct cross-site scripting (XSS) attacks. (CVE-2017-18635)

Continue reading...
 
Top