Lucene search
+L

137 matches found

redhatcve
redhatcve
added 2026/06/30 5:21 a.m.14 views

CVE-2026-6658

A flaw was found in nbconvert. This vulnerability allows a remote attacker to perform Cross-site Scripting XSS by injecting arbitrary HTML or JavaScript code. This occurs due to unsanitized text/vnd.mermaid output in HTML exports, where the datamermaid block directly renders cell output without...

5.4CVSS6.5AI score0.00134EPSS
Exploits0References4
redhatcve
redhatcve
added 2026/06/29 5:19 p.m.13 views

CVE-2026-44727

A flaw was found in Jupyter Server. The nbconvert HTTP handlers in Jupyter Server render user-authored notebook HTML without a sandbox directive in their Content-Security-Policy. This, combined with nbconvert.HTMLExporter's default non-sanitizing behavior, allows a notebook containing an HTML...

9.3CVSS6AI score0.00227EPSS
Exploits0References5
osv
osv
added 2026/06/29 11:50 a.m.7 views

PYSEC-2026-366 Jupyter Server: Stored XSS in `NbconvertFileHandler` / `NbconvertPostHandler` via missing `sandbox` CSP

The nbconvert HTTP handlers in jupyterserver render user-authored notebook HTML under the Jupyter origin without a sandbox directive in their Content-Security-Policy. Combined with nbconvert.HTMLExporter's default non-sanitizing behavior, a notebook carrying an HTML payload in a displaydata outpu...

9.3CVSS5.8AI score0.00227EPSS
Exploits0References6
nvd
nvd
added 2026/06/26 10:16 a.m.9 views

CVE-2026-6658

A vulnerability in jupyter/nbconvert versions tag. This vulnerability impacts any server using nbconvert to render notebooks as HTML, allowing attackers to execute arbitrary JavaScript in the context of users viewing the HTML export...

5.4CVSS0.00134EPSS
Exploits0References1
osv
osv
added 2026/06/26 10:16 a.m.5 views

UBUNTU-CVE-2026-6658

A vulnerability in jupyter/nbconvert versions tag. This vulnerability impacts any server using nbconvert to render notebooks as HTML, allowing attackers to execute arbitrary JavaScript in the context of users viewing the HTML export...

5.4CVSS6AI score0.00134EPSS
Exploits0References4
debiancve
debiancve
added 2026/06/26 9:40 a.m.8 views

CVE-2026-6658

A vulnerability in jupyter/nbconvert versions tag. This vulnerability impacts any server using nbconvert to render notebooks as HTML, allowing attackers to execute arbitrary JavaScript in the context of users viewing the HTML export...

5.4CVSS6.3AI score0.00134EPSS
Exploits0
attackerkb
attackerkb
added 2026/06/26 9:40 a.m.6 views

CVE-2026-6658

A vulnerability in jupyter/nbconvert versions = 7.17.0 allows for Cross-site Scripting XSS via unsanitized text/vnd.mermaid output in HTML exports. The datamermaid block in share/templates/lab/base.html.j2 renders text/vnd.mermaid cell output directly into HTML without escaping, enabling attacker...

5.4CVSS6.3AI score0.00134EPSS
Exploits0References2
euvd
euvd
added 2026/06/26 9:40 a.m.9 views

EUVD-2026-39642

A vulnerability in jupyter/nbconvert versions tag. This vulnerability impacts any server using nbconvert to render notebooks as HTML, allowing attackers to execute arbitrary JavaScript in the context of users viewing the HTML export...

5.4CVSS6.3AI score0.00134EPSS
Exploits0References1
cve
cve
added 2026/06/26 9:40 a.m.15 views

CVE-2026-6658

The CVE-2026-6658 issue affects jupyter/nbconvert versions <= 7.17.0. The vulnerability arises because the data_mermaid block in share/templates/lab/base.html.j2 renders text/vnd.mermaid cell output directly into HTML without escaping, enabling Cross-site Scripting (XSS) by breaking out of the...

5.4CVSS6.3AI score0.00134EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/26 9:40 a.m.38 views

CVE-2026-6658 Cross-site Scripting (XSS) in jupyter/nbconvert

A vulnerability in jupyter/nbconvert versions tag. This vulnerability impacts any server using nbconvert to render notebooks as HTML, allowing attackers to execute arbitrary JavaScript in the context of users viewing the HTML export...

5.4CVSS0.00134EPSS
Exploits0References1
nessus
nessus
added 2026/06/24 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-44727

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Jupyter Server is the backend for Jupyter web applications. Prior to 2.20, the nbconvert HTTP handlers in jupyterserver render user-authored notebook HTML under...

9.3CVSS5.8AI score0.00227EPSS
Exploits0References3
nvd
nvd
added 2026/06/22 9:16 p.m.12 views

CVE-2026-44727

Jupyter Server is the backend for Jupyter web applications. Prior to 2.20, the nbconvert HTTP handlers in jupyterserver render user-authored notebook HTML under the Jupyter origin without a sandbox directive in their Content-Security-Policy. Combined with nbconvert.HTMLExporter's default...

9.3CVSS0.00227EPSS
Exploits0References5
debiancve
debiancve
added 2026/06/22 7:56 p.m.7 views

CVE-2026-44727

Jupyter Server is the backend for Jupyter web applications. Prior to 2.20, the nbconvert HTTP handlers in jupyterserver render user-authored notebook HTML under the Jupyter origin without a sandbox directive in their Content-Security-Policy. Combined with nbconvert.HTMLExporter's default...

9.3CVSS5.9AI score0.00227EPSS
Exploits0
vulnrichment
vulnrichment
added 2026/06/22 7:56 p.m.3 views

CVE-2026-44727 Jupyter Server: Stored XSS in `NbconvertFileHandler` / `NbconvertPostHandler` via missing `sandbox` CSP

Jupyter Server is the backend for Jupyter web applications. Prior to 2.20, the nbconvert HTTP handlers in jupyterserver render user-authored notebook HTML under the Jupyter origin without a sandbox directive in their Content-Security-Policy. Combined with nbconvert.HTMLExporter's default...

9.3CVSS5.9AI score0.00227EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/06/22 7:56 p.m.6 views

CVE-2026-44727

Jupyter Server is the backend for Jupyter web applications. Prior to 2.20, the nbconvert HTTP handlers in jupyterserver render user-authored notebook HTML under the Jupyter origin without a sandbox directive in their Content-Security-Policy. Combined with nbconvert.HTMLExporter's default...

9.3CVSS5.9AI score0.00227EPSS
Exploits0References3Affected Software1
cvelist
cvelist
added 2026/06/22 7:56 p.m.26 views

CVE-2026-44727 Jupyter Server: Stored XSS in `NbconvertFileHandler` / `NbconvertPostHandler` via missing `sandbox` CSP

Jupyter Server is the backend for Jupyter web applications. Prior to 2.20, the nbconvert HTTP handlers in jupyterserver render user-authored notebook HTML under the Jupyter origin without a sandbox directive in their Content-Security-Policy. Combined with nbconvert.HTMLExporter's default...

9.3CVSS0.00227EPSS
Exploits0References2
osv
osv
added 2026/06/22 7:56 p.m.4 views

CVE-2026-44727 Jupyter Server: Stored XSS in `NbconvertFileHandler` / `NbconvertPostHandler` via missing `sandbox` CSP

Jupyter Server is the backend for Jupyter web applications. Prior to 2.20, the nbconvert HTTP handlers in jupyterserver render user-authored notebook HTML under the Jupyter origin without a sandbox directive in their Content-Security-Policy. Combined with nbconvert.HTMLExporter's default...

9.3CVSS5.9AI score0.00227EPSS
Exploits0References7
cve
cve
added 2026/06/22 7:56 p.m.34 views

CVE-2026-44727

Jupyter Server (prior to 2.20) is affected by a stored XSS in the nbconvert HTML export path. The nbconvert HTTP handlers NbconvertFileHandler and NbconvertPostHandler render notebook HTML under the Jupyter origin without a sandbox directive in Content-Security-Policy, and NbconvertHTMLExporter’s...

9.3CVSS5.9AI score0.00227EPSS
Exploits0References5Affected Software1
osv
osv
added 2026/06/18 3:4 p.m.23 views

GHSA-FCW5-X6J4-CCMP Jupyter Server: Stored XSS in `NbconvertFileHandler` / `NbconvertPostHandler` via missing `sandbox` CSP

The nbconvert HTTP handlers in jupyterserver render user-authored notebook HTML under the Jupyter origin without a sandbox directive in their Content-Security-Policy. Combined with nbconvert.HTMLExporter's default non-sanitizing behavior, a notebook carrying an HTML payload in a displaydata outpu...

9.3CVSS5.3AI score0.00227EPSS
Exploits0References3
github
github
added 2026/06/18 3:4 p.m.38 views

Jupyter Server: Stored XSS in `NbconvertFileHandler` / `NbconvertPostHandler` via missing `sandbox` CSP

The nbconvert HTTP handlers in jupyterserver render user-authored notebook HTML under the Jupyter origin without a sandbox directive in their Content-Security-Policy. Combined with nbconvert.HTMLExporter's default non-sanitizing behavior, a notebook carrying an HTML payload in a displaydata outpu...

9.3CVSS5.3AI score0.00227EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder