[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2017-18635":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":44,"aliases":54,"duplicate_of":9,"upstream":56,"downstream":57,"duplicates":74,"related":75,"reserved_at":9,"published_at":77,"modified_at":78,"state":79,"summary":80,"references_raw":88,"kevs":168,"epss":169,"epss_history":172,"metrics":433,"affected":446},"CVE-2017-18635","An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages propagated to the status field, such as the VNC server name.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-79","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.","weakness","Stable","Base","High",[20,24,28,32,36,40],{"id":21,"name":22,"techniques":23},"CAPEC-209","XSS Using MIME Type Mismatch",[],{"id":25,"name":26,"techniques":27},"CAPEC-588","DOM-Based XSS",[],{"id":29,"name":30,"techniques":31},"CAPEC-591","Reflected XSS",[],{"id":33,"name":34,"techniques":35},"CAPEC-592","Stored XSS",[],{"id":37,"name":38,"techniques":39},"CAPEC-63","Cross-Site Scripting (XSS)",[],{"id":41,"name":42,"techniques":43},"CAPEC-85","AJAX Footprinting",[],[45],{"_key":46,"name":47,"source":48,"url":49,"maturity":50,"reliability_score":51,"verified":52,"type":9,"platforms":53,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_7F0F8BBDFA0304B6","Exploit Reference (shielder.it)","reference","https://www.shielder.it/blog/exploiting-an-old-novnc-xss-cve-2017-18635-in-openstack/","unknown",0.2,false,[],[55],"GHSA-49rv-g7w5-m8xx",[],[58,60,62,64,66,68,70,72],{"_key":59},"RHSA-2020:0754",{"_key":61},"UBUNTU-CVE-2017-18635",{"_key":63},"DLA-1946-1",{"_key":65},"DLA-2854-1",{"_key":67},"MGASA-2020-0374",{"_key":69},"USN-4522-1",{"_key":71},"DEBIAN-CVE-2017-18635",{"_key":73},"RHSA-2020:3247",[],[76],{"_key":67},"2019-09-25T22:59:16.000Z","2024-08-05T21:28:55.736Z","Modified",{"cisa_kev":52,"cisa_ransomware":52,"cisa_vendor":9,"epss_severity":81,"epss_score":82,"severity":83,"severity_score":84,"severity_version":85,"severity_source":86,"severity_vector":87,"severity_status":79},"low",0.06495,"medium",6.1,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",[89,99,104,109,113,119,123,127,133,138,142,147,152,156,160,164],{"url":90,"sources":91,"tags":94},"https://github.com/novnc/noVNC/issues/748",[92,86,93],"cve.org","osv_npm",[95,96,97,98],"X Refsource MISC","Patch","Third Party Advisory","WEB",{"url":100,"sources":101,"tags":102},"https://github.com/novnc/noVNC/releases/tag/v0.6.2",[92,86,93],[95,103,97,98],"Release Notes",{"url":105,"sources":106,"tags":107},"https://bugs.launchpad.net/horizon/+bug/1656435",[92,86,93],[95,108,97,98],"Issue Tracking",{"url":110,"sources":111,"tags":112},"https://github.com/novnc/noVNC/commit/6048299a138e078aed210f163111698c8c526a13#diff-286f7dc7b881e942e97cd50c10898f03L534",[92,86,93],[95,96,97,98],{"url":114,"sources":115,"tags":116},"https://lists.debian.org/debian-lts-announce/2019/10/msg00004.html",[92,86,93],[117,118,97,98],"Mailing List","X Refsource MLIST",{"url":49,"sources":120,"tags":121},[92,86],[95,122,97],"Exploit",{"url":124,"sources":125,"tags":126},"https://github.com/ShielderSec/cve-2017-18635",[92,86,93],[95,97,98],{"url":128,"sources":129,"tags":130},"https://access.redhat.com/errata/RHSA-2020:0754",[92,86,93],[131,132,97,98],"Vendor Advisory","X Refsource REDHAT",{"url":134,"sources":135,"tags":136},"https://usn.ubuntu.com/4522-1/",[92,86],[131,137,97],"X Refsource UBUNTU",{"url":139,"sources":140,"tags":141},"https://lists.debian.org/debian-lts-announce/2021/12/msg00024.html",[92,86,93],[117,118,97,98],{"url":143,"sources":144,"tags":145},"https://nvd.nist.gov/vuln/detail/CVE-2017-18635",[93],[146],"Advisory",{"url":148,"sources":149,"tags":150},"https://github.com/novnc/noVNC",[93],[151],"PACKAGE",{"url":153,"sources":154,"tags":155},"https://snyk.io/vuln/SNYK-JS-NOVNCNOVNC-469136",[93],[98],{"url":157,"sources":158,"tags":159},"https://usn.ubuntu.com/4522-1",[93],[98],{"url":161,"sources":162,"tags":163},"https://www.npmjs.com/advisories/1204",[93],[98],{"url":165,"sources":166,"tags":167},"https://www.shielder.it/blog/exploiting-an-old-novnc-xss-cve-2017-18635-in-openstack",[93],[98],[],{"date":170,"score":82,"percentile":171},"2026-06-04",0.91265,[173,177,180,182,185,188,191,194,197,200,203,206,209,212,214,217,220,223,226,228,231,233,236,239,241,243,246,249,253,256,258,261,264,267,270,273,276,279,282,285,287,289,292,295,299,302,305,308,311,313,316,319,322,325,329,332,335,337,340,344,347,350,353,356,358,361,364,367,370,372,374,377,380,383,387,390,393,396,398,401,404,407,410,413,416,419,422,425,427,430],{"date":174,"score":175,"percentile":176},"2025-11-04",0.07253,0.91223,{"date":178,"score":175,"percentile":179},"2025-11-05",0.91221,{"date":181,"score":175,"percentile":176},"2025-11-06",{"date":183,"score":175,"percentile":184},"2025-11-07",0.91229,{"date":186,"score":175,"percentile":187},"2025-11-08",0.91228,{"date":189,"score":175,"percentile":190},"2025-11-09",0.91225,{"date":192,"score":175,"percentile":193},"2025-11-10",0.91226,{"date":195,"score":175,"percentile":196},"2025-11-11",0.91231,{"date":198,"score":175,"percentile":199},"2025-11-12",0.91235,{"date":201,"score":175,"percentile":202},"2025-11-13",0.91238,{"date":204,"score":175,"percentile":205},"2025-11-14",0.9124,{"date":207,"score":175,"percentile":208},"2025-11-15",0.91237,{"date":210,"score":175,"percentile":211},"2025-11-16",0.91244,{"date":213,"score":175,"percentile":211},"2025-11-17",{"date":215,"score":175,"percentile":216},"2025-11-18",0.90735,{"date":218,"score":175,"percentile":219},"2025-11-19",0.90739,{"date":221,"score":175,"percentile":222},"2025-11-20",0.90744,{"date":224,"score":175,"percentile":225},"2025-11-21",0.91256,{"date":227,"score":175,"percentile":225},"2025-11-22",{"date":229,"score":175,"percentile":230},"2025-11-23",0.91261,{"date":232,"score":175,"percentile":230},"2025-11-24",{"date":234,"score":175,"percentile":235},"2025-11-25",0.91263,{"date":237,"score":175,"percentile":238},"2025-11-26",0.91262,{"date":240,"score":175,"percentile":238},"2025-11-27",{"date":242,"score":175,"percentile":225},"2025-11-28",{"date":244,"score":175,"percentile":245},"2025-11-29",0.91285,{"date":247,"score":175,"percentile":248},"2025-11-30",0.91283,{"date":250,"score":251,"percentile":252},"2025-12-01",0.05325,0.89718,{"date":254,"score":251,"percentile":255},"2025-12-02",0.89721,{"date":257,"score":251,"percentile":255},"2025-12-03",{"date":259,"score":175,"percentile":260},"2025-12-04",0.91278,{"date":262,"score":175,"percentile":263},"2025-12-05",0.91281,{"date":265,"score":175,"percentile":266},"2025-12-06",0.91282,{"date":268,"score":175,"percentile":269},"2025-12-07",0.91279,{"date":271,"score":175,"percentile":272},"2025-12-08",0.9128,{"date":274,"score":175,"percentile":275},"2025-12-09",0.91284,{"date":277,"score":175,"percentile":278},"2025-12-10",0.9129,{"date":280,"score":175,"percentile":281},"2025-12-11",0.91294,{"date":283,"score":175,"percentile":284},"2025-12-12",0.91296,{"date":286,"score":175,"percentile":245},"2025-12-13",{"date":288,"score":175,"percentile":248},"2025-12-14",{"date":290,"score":175,"percentile":291},"2025-12-15",0.91286,{"date":293,"score":175,"percentile":294},"2025-12-16",0.91298,{"date":296,"score":297,"percentile":298},"2025-12-17",0.08306,0.91947,{"date":300,"score":297,"percentile":301},"2025-12-18",0.9195,{"date":303,"score":297,"percentile":304},"2025-12-19",0.91954,{"date":306,"score":297,"percentile":307},"2025-12-20",0.91955,{"date":309,"score":297,"percentile":310},"2025-12-21",0.91956,{"date":312,"score":297,"percentile":307},"2025-12-22",{"date":314,"score":297,"percentile":315},"2025-12-23",0.91958,{"date":317,"score":297,"percentile":318},"2025-12-24",0.91963,{"date":320,"score":297,"percentile":321},"2025-12-25",0.91966,{"date":323,"score":297,"percentile":324},"2025-12-26",0.91965,{"date":326,"score":327,"percentile":328},"2025-12-27",0.05535,0.90006,{"date":330,"score":297,"percentile":331},"2025-12-28",0.91961,{"date":333,"score":297,"percentile":334},"2025-12-29",0.91957,{"date":336,"score":297,"percentile":318},"2025-12-30",{"date":338,"score":297,"percentile":339},"2025-12-31",0.9197,{"date":341,"score":342,"percentile":343},"2026-01-01",0.07833,0.91753,{"date":345,"score":342,"percentile":346},"2026-01-02",0.91748,{"date":348,"score":342,"percentile":349},"2026-01-03",0.91749,{"date":351,"score":297,"percentile":352},"2026-01-04",0.91979,{"date":354,"score":297,"percentile":355},"2026-01-05",0.91977,{"date":357,"score":297,"percentile":352},"2026-01-06",{"date":359,"score":297,"percentile":360},"2026-01-07",0.91978,{"date":362,"score":297,"percentile":363},"2026-01-08",0.91981,{"date":365,"score":297,"percentile":366},"2026-01-09",0.91984,{"date":368,"score":297,"percentile":369},"2026-01-10",0.91986,{"date":371,"score":297,"percentile":352},"2026-01-11",{"date":373,"score":297,"percentile":352},"2026-01-12",{"date":375,"score":297,"percentile":376},"2026-01-13",0.9198,{"date":378,"score":297,"percentile":379},"2026-01-14",0.91993,{"date":381,"score":297,"percentile":382},"2026-01-15",0.91995,{"date":384,"score":385,"percentile":386},"2026-01-16",0.09771,0.92715,{"date":388,"score":385,"percentile":389},"2026-01-17",0.92717,{"date":391,"score":385,"percentile":392},"2026-01-18",0.92712,{"date":394,"score":385,"percentile":395},"2026-01-19",0.92714,{"date":397,"score":385,"percentile":389},"2026-01-20",{"date":399,"score":385,"percentile":400},"2026-01-21",0.92723,{"date":402,"score":385,"percentile":403},"2026-01-22",0.92727,{"date":405,"score":385,"percentile":406},"2026-01-23",0.92731,{"date":408,"score":175,"percentile":409},"2026-01-24",0.91391,{"date":411,"score":175,"percentile":412},"2026-01-25",0.9139,{"date":414,"score":175,"percentile":415},"2026-01-26",0.91393,{"date":417,"score":175,"percentile":418},"2026-01-27",0.91397,{"date":420,"score":175,"percentile":421},"2026-01-28",0.91403,{"date":423,"score":175,"percentile":424},"2026-01-29",0.91404,{"date":426,"score":175,"percentile":421},"2026-01-30",{"date":428,"score":175,"percentile":429},"2026-01-31",0.91401,{"date":431,"score":251,"percentile":432},"2026-02-01",0.89838,[434,444],{"source":86,"cvss_v2_0":435,"cvss_v3_0":9,"cvss_v3_1":440,"cvss_v4_0":9},{"baseScore":436,"baseSeverity":9,"vectorString":437,"impactScore":438,"exploitabilityScore":439},4.3,"AV:N/AC:M/Au:N/C:N/I:P/A:N",2.9,8.6,{"baseScore":84,"baseSeverity":441,"vectorString":87,"impactScore":442,"exploitabilityScore":443},"MEDIUM",4.5,7.2,{"source":93,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":445,"cvss_v4_0":9},{"baseScore":84,"baseSeverity":9,"vectorString":87,"impactScore":442,"exploitabilityScore":443},[447,456,465,474,483],{"ecosystem":9,"name":448,"vendor":449,"product":450,"cpe_part":451,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":452},"ubuntu linux","canonical","ubuntu_linux","o",[453],{"version":454,"is_range":52,"range_type":455,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"16.04","cpe",{"ecosystem":9,"name":457,"vendor":458,"product":459,"cpe_part":451,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":460},"debian linux","debian","debian_linux",[461,463],{"version":462,"is_range":52,"range_type":455,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"8.0",{"version":464,"is_range":52,"range_type":455,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.0",{"ecosystem":9,"name":466,"vendor":466,"product":466,"cpe_part":467,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":468},"novnc","a",[469],{"version":470,"is_range":471,"range_type":455,"version_start":9,"version_start_type":9,"version_end":472,"version_end_type":473,"fixed_in":9},"lt0.6.2",true,"0.6.2","excluding",{"ecosystem":475,"name":476,"vendor":477,"product":466,"cpe_part":9,"purl_type":478,"purl_namespace":477,"purl_name":466,"source":9,"versions":479},"Npm","@novnc/novnc","@novnc","npm",[480],{"version":481,"is_range":471,"range_type":482,"version_start":9,"version_start_type":9,"version_end":472,"version_end_type":473,"fixed_in":9},"lt0_6_2","semver",{"ecosystem":9,"name":484,"vendor":485,"product":484,"cpe_part":467,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":486},"openstack","redhat",[487],{"version":488,"is_range":52,"range_type":455,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"13"]