Ubuntu Security Notice 4522-1 - It was discovered that noVNC did not properly manage certain messages, resulting in the remote VNC server injecting arbitrary HTML into the noVNC web page. An attacker could use this issue to conduct cross-site scripting attacks.
5ae21e4984019a08972b1af6dcd3d7045a3453ee999b9508be4edcc8f21311a6Red Hat Security Advisory 2020-3247-01 - The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. Issues addressed include code execution and cross site scripting vulnerabilities.
e6f2535c6436b0a735b170e94bf5d8887dbf21ad4b4d2db85d0b797efa770f33Red Hat Security Advisory 2020-0754-01 - The novnc package provides a VNC client that uses HTML5 and includes encryption support. An XSS vulnerability was discovered in noVNC in which arbitrary HTML could be injected into the noVNC web page. An attacker having access to a VNC server could use target host values in a crafted URL to gain access to secure information. Issues addressed include a cross site scripting vulnerability.
d2fd665bc799beef786875183c0471b301e55346c9b45549987568af18a43ead
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed