USN-4522-1: noVNC vulnerability
It was discovered that noVNC did not properly manage certain messages,
resulting in the remote VNC server injecting arbitrary HTML into the
noVNC web page. An attacker could use this issue to conduct cross-site
scripting (XSS) attacks. (CVE-2017-18635)
Source: USN-4522-1: noVNC vulnerability
