Cross-site scripting (XSS) vulnerability in the file browser in notebook/notebookapp.py in IPython Notebook prior to 3.2.2 and Jupyter Notebook 4.0.x prior to 4.0.5 allows remote malicious users to inject arbitrary web script or HTML via a folder name. NOTE: this was originally reported as a cross-site request forgery (CSRF) vulnerability, but this may be inaccurate.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
jupyter notebook 4.0.4 |
||
jupyter notebook 4.0.3 |
||
jupyter notebook 4.0.2 |
||
jupyter notebook 4.0.1 |
||
jupyter notebook 4.0.0 |
||
fedoraproject fedora 22 |
||
fedoraproject fedora 23 |
||
fedoraproject fedora 21 |
||
opensuse opensuse 13.1 |
||
opensuse opensuse 13.2 |
||
ipython notebook |