Vulnerabilities > Jupyter > Notebook > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-03-12 | CVE-2019-9644 | Cross-site Scripting vulnerability in Jupyter Notebook An XSSI (cross-site inclusion) vulnerability in Jupyter Notebook before 5.7.6 allows inclusion of resources on malicious pages when visited by users who are authenticated with a Jupyter server. | 5.4 |
2018-11-18 | CVE-2018-19352 | Cross-site Scripting vulnerability in Jupyter Notebook Jupyter Notebook before 5.7.2 allows XSS via a crafted directory name because notebook/static/tree/js/notebooklist.js handles certain URLs unsafely. | 4.3 |
2018-11-18 | CVE-2018-19351 | Cross-site Scripting vulnerability in Jupyter Notebook Jupyter Notebook before 5.7.1 allows XSS via an untrusted notebook because nbconvert responses are considered to have the same origin as the notebook server. | 6.1 |
2018-03-18 | CVE-2018-8768 | Unspecified vulnerability in Jupyter Notebook In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. network jupyter | 6.8 |
2015-09-29 | CVE-2015-7337 | Improper Input Validation vulnerability in multiple products The editor in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to execute arbitrary JavaScript code via a crafted file, which triggers a redirect to files/, related to MIME types. | 6.8 |
2015-09-21 | CVE-2015-6938 | Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in the file browser in notebook/notebookapp.py in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via a folder name. | 4.3 |