GoogleOSV:GHSA-66GW-5XPF-GFP5Improper Neutralization of Input During Web Page Generation in IPython
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.002 Low
EPSS
Percentile
56.9%
Cross-site scripting (XSS) vulnerability in IPython before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving JSON error messages and the /api/notebooks path.
References
www.openwall.com/lists/oss-security/2015/06/22/7
www.securityfocus.com/bid/75328
bugzilla.redhat.com/show_bug.cgi?id=1235688
github.com/advisories/GHSA-66gw-5xpf-gfp5
github.com/ipython/ipython/commit/7222bd53ad089a65fd610fab4626f9d0ab47dfce
github.com/ipython/ipython/commit/c2078a53543ed502efd968649fee1125e0eb549c
github.com/pypa/advisory-database/tree/main/vulns/ipython/PYSEC-2017-46.yaml
ipython.org/ipython-doc/3/whatsnew/version3.html
nvd.nist.gov/vuln/detail/CVE-2015-4707
Related
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.002 Low
EPSS
Percentile
56.9%