Published: 20/09/2017 Updated: 17/10/2019

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in IPython prior to 3.2 allows remote malicious users to inject arbitrary web script or HTML via vectors involving JSON error messages and the /api/notebooks path.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ipython ipython

Debian Bug report logs - #789824 ipython: CVE-2015-4707: XSS in JSON error responses Package: src:ipython; Maintainer for src:ipython is Debian Python Modules Team <python-modules-team@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 24 Jun 2015 20:33:02 UTC Severity: importa ...

Debian Bug report logs - #798886 ipython: CVE-2015-6938: XSS vulnerability Package: src:ipython; Maintainer for src:ipython is Debian Python Modules Team <python-modules-team@listsaliothdebianorg>; Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Sun, 13 Sep 2015 20:12:20 UTC Severity: grave Tags: fixed-upst ...

CWE-79 https://ipython.org/ipython-doc/3/whatsnew/version3.html https://github.com/ipython/ipython/commit/c2078a53543ed502efd968649fee1125e0eb549c https://github.com/ipython/ipython/commit/7222bd53ad089a65fd610fab4626f9d0ab47dfce https://bugzilla.redhat.com/show_bug.cgi?id=1235688 http://www.openwall.com/lists/oss-security/2015/06/22/7 http://www.securityfocus.com/bid/75328 https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=789824

CVE-2015-4707

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect