Lucene search
K

5 matches found

OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-366 Jupyter Server: Stored XSS in `NbconvertFileHandler` / `NbconvertPostHandler` via missing `sandbox` CSP

The nbconvert HTTP handlers in jupyterserver render user-authored notebook HTML under the Jupyter origin without a sandbox directive in their Content-Security-Policy. Combined with nbconvert.HTMLExporter's default non-sanitizing behavior, a notebook carrying an HTML payload in a displaydata outpu...

9.3CVSS5.8AI score0.00227EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/22 7:56 p.m.3 views

CVE-2026-44727 Jupyter Server: Stored XSS in `NbconvertFileHandler` / `NbconvertPostHandler` via missing `sandbox` CSP

Jupyter Server is the backend for Jupyter web applications. Prior to 2.20, the nbconvert HTTP handlers in jupyterserver render user-authored notebook HTML under the Jupyter origin without a sandbox directive in their Content-Security-Policy. Combined with nbconvert.HTMLExporter's default...

9.3CVSS5.9AI score0.00227EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/22 7:56 p.m.21 views

CVE-2026-44727 Jupyter Server: Stored XSS in `NbconvertFileHandler` / `NbconvertPostHandler` via missing `sandbox` CSP

Jupyter Server is the backend for Jupyter web applications. Prior to 2.20, the nbconvert HTTP handlers in jupyterserver render user-authored notebook HTML under the Jupyter origin without a sandbox directive in their Content-Security-Policy. Combined with nbconvert.HTMLExporter's default...

9.3CVSS0.00227EPSS
Exploits0References2
CVE
CVE
added 2026/06/22 7:56 p.m.27 views

CVE-2026-44727

Jupyter Server (prior to 2.20) is affected by a stored XSS in the nbconvert HTML export path. The nbconvert HTTP handlers NbconvertFileHandler and NbconvertPostHandler render notebook HTML under the Jupyter origin without a sandbox directive in Content-Security-Policy, and NbconvertHTMLExporter’s...

9.3CVSS5.9AI score0.00227EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2018/11/18 12:0 a.m.4 views

PT-2018-14936 · Project Jupyter +2 · Jupyter Notebook +2

Name of the Vulnerable Software and Affected Versions: Jupyter Notebook versions prior to 5.7.1 Description: The issue allows for cross-site scripting XSS attacks via an untrusted notebook. This is because nbconvert responses are considered to have the same origin as the notebook server, enabling...

7.8CVSS6.2AI score0.01741EPSS
Exploits1References48
Rows per page
Query Builder