3381 matches found
BIT-JUPYTER-NOTEBOOK-2026-40171 Jupyter Notebook and JupyterLab token theft via stored XSS in help command linker
In Jupyter Notebook versions 7.0.0 through 7.5.5, JupyterLab versions 4.5.6 and earlier, and the corresponding @jupyter-notebook/help-extension and @jupyterlab/help-extension packages before 7.5.6 and 4.5.7, a stored cross-site scripting issue in the help command linker can be chained with...
BIT-JUPYTER-BASE-NOTEBOOK-2026-40171 Jupyter Notebook and JupyterLab token theft via stored XSS in help command linker
In Jupyter Notebook versions 7.0.0 through 7.5.5, JupyterLab versions 4.5.6 and earlier, and the corresponding @jupyter-notebook/help-extension and @jupyterlab/help-extension packages before 7.5.6 and 4.5.7, a stored cross-site scripting issue in the help command linker can be chained with...
EUVD-2021-34808
WordPress GetPaid Plugin 2.4.6 contains an HTML injection vulnerability that allows authenticated attackers to inject arbitrary HTML code by exploiting the Help Text field in payment forms. Attackers can inject malicious HTML including image tags and scripts into the Help Text field during paymen...
CVE-2021-47948
WordPress GetPaid Plugin 2.4.6 contains an HTML injection vulnerability that allows authenticated attackers to inject arbitrary HTML code by exploiting the Help Text field in payment forms. Attackers can inject malicious HTML including image tags and scripts into the Help Text field during paymen...
CVE-2021-47948 WordPress GetPaid Plugin 2.4.6 HTML Injection via Help Text
WordPress GetPaid Plugin 2.4.6 contains an HTML injection vulnerability that allows authenticated attackers to inject arbitrary HTML code by exploiting the Help Text field in payment forms. Attackers can inject malicious HTML including image tags and scripts into the Help Text field during paymen...
CVE-2021-47948
WordPress GetPaid Plugin 2.4.6 contains an HTML injection vulnerability that allows authenticated attackers to inject arbitrary HTML code by exploiting the Help Text field in payment forms. Attackers can inject malicious HTML including image tags and scripts into the Help Text field during paymen...
CVE-2021-47948
The CVE-2021-47948 entry concerns WordPress GetPaid Plugin 2.4.6 with an HTML-injection vulnerability. It allows authenticated attackers to inject arbitrary HTML via the Help Text field in payment forms, with the injected HTML stored in the database and executed in the browser when the form is vi...
CVE-2021-47948 WordPress GetPaid Plugin 2.4.6 HTML Injection via Help Text
WordPress GetPaid Plugin 2.4.6 contains an HTML injection vulnerability that allows authenticated attackers to inject arbitrary HTML code by exploiting the Help Text field in payment forms. Attackers can inject malicious HTML including image tags and scripts into the Help Text field during paymen...
PT-2026-39522
WordPress GetPaid Plugin 2.4.6 contains an HTML injection vulnerability that allows authenticated attackers to inject arbitrary HTML code by exploiting the Help Text field in payment forms. Attackers can inject malicious HTML including image tags and scripts into the Help Text field during paymen...
SUSE CVE-2026-40171
In Jupyter Notebook versions 7.0.0 through 7.5.5, JupyterLab versions 4.5.6 and earlier, and the corresponding @jupyter-notebook/help-extension and @jupyterlab/help-extension packages before 7.5.6 and 4.5.7, a stored cross-site scripting issue in the help command linker can be chained with...
@fails-components/jupyter-applet-view (>=0.0.1-alpha.3 <=0.0.1-alpha.18), @fails-components/jupyter-filesystem-extension (>=0.0.1-alpha.3 <=0.0.1-alpha.18) +3 more potentially affected by CVE-2026-42557 via @jupyterlab/help-extension (>=4.0.13 <=4.4.10)
@jupyterlab/help-extension NPM version =4.0.13, =0.0.1-alpha.3, =0.0.1-alpha.3, =0.0.1-alpha.3, =0.0.1-alpha.3, =0.2.0, =0.6.0-alpha.9 Source cves: CVE-2026-42557 Source advisory: SNYK:JS-JUPYTERLABHELPEXTENSION-16438961...
Cross-site Scripting (XSS)
Overview @jupyterlab/help-extension is a JupyterLab - Help Extension Affected versions of this package are vulnerable to Cross-site Scripting XSS via the handling of data-commandlinker-command and data-commandlinker-args attributes in HTML content. An attacker can execute arbitrary commands,...
CVE-2026-40171
In Jupyter Notebook versions 7.0.0 through 7.5.5, JupyterLab versions 4.5.6 and earlier, and the corresponding @jupyter-notebook/help-extension and @jupyterlab/help-extension packages before 7.5.6 and 4.5.7, a stored cross-site scripting issue in the help command linker can be chained with...
DEBIAN-CVE-2026-40171
In Jupyter Notebook versions 7.0.0 through 7.5.5, JupyterLab versions 4.5.6 and earlier, and the corresponding @jupyter-notebook/help-extension and @jupyterlab/help-extension packages before 7.5.6 and 4.5.7, a stored cross-site scripting issue in the help command linker can be chained with...
CVE-2026-40171
In Jupyter Notebook versions 7.0.0 through 7.5.5, JupyterLab versions 4.5.6 and earlier, and the corresponding @jupyter-notebook/help-extension and @jupyterlab/help-extension packages before 7.5.6 and 4.5.7, a stored cross-site scripting issue in the help command linker can be chained with...
CVE-2026-40171 Jupyter Notebook and JupyterLab token theft via stored XSS in help command linker
In Jupyter Notebook versions 7.0.0 through 7.5.5, JupyterLab versions 4.5.6 and earlier, and the corresponding @jupyter-notebook/help-extension and @jupyterlab/help-extension packages before 7.5.6 and 4.5.7, a stored cross-site scripting issue in the help command linker can be chained with...
CVE-2026-40171
CVE-2026-40171 affects Jupyter components prior to fixes: Notebook 7.0.0–7.5.5, JupyterLab up to 4.5.6, and related help extensions (@jupyter-notebook/help-extension, @jupyterlab/help-extension). The root cause is a stored XSS in the CommandLinker used by the Help Extension, which can be chained ...
CVE-2026-40171 Jupyter Notebook and JupyterLab token theft via stored XSS in help command linker
In Jupyter Notebook versions 7.0.0 through 7.5.5, JupyterLab versions 4.5.6 and earlier, and the corresponding @jupyter-notebook/help-extension and @jupyterlab/help-extension packages before 7.5.6 and 4.5.7, a stored cross-site scripting issue in the help command linker can be chained with...
CVE-2026-40171
In Jupyter Notebook versions 7.0.0 through 7.5.5, JupyterLab versions 4.5.6 and earlier, and the corresponding @jupyter-notebook/help-extension and @jupyterlab/help-extension packages before 7.5.6 and 4.5.7, a stored cross-site scripting issue in the help command linker can be chained with...
CVE-2026-40171
In Jupyter Notebook versions 7.0.0 through 7.5.5, JupyterLab versions 4.5.6 and earlier, and the corresponding @jupyter-notebook/help-extension and @jupyterlab/help-extension packages before 7.5.6 and 4.5.7, a stored cross-site scripting issue in the help command linker can be chained with...