3 matches found
Cross-site Scripting (XSS)
JupyterLab is vulnerable to Cross-site Scripting XSS. The vulnerability is due to insufficient validation of data-commandlinker- attributes in sanitized HTML output, which allows an attacker to craft a malicious notebook containing a deceptive button that executes arbitrary JupyterLab commands,...
Cross-site Scripting (XSS)
Overview @jupyterlab/help-extension is a JupyterLab - Help Extension Affected versions of this package are vulnerable to Cross-site Scripting XSS via the handling of data-commandlinker-command and data-commandlinker-args attributes in HTML content. An attacker can execute arbitrary commands,...
Cross-site Scripting (XSS)
Overview @jupyterlab/rendermime is a JupyterLab - RenderMime Affected versions of this package are vulnerable to Cross-site Scripting XSS via the handling of data-commandlinker-command and data-commandlinker-args attributes in HTML content. An attacker can execute arbitrary commands, including co...