{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10710?format=json","vulnerability_id":"VCID-nrwx-kw8f-83d2","summary":"XSS vulnerability\nIf you create a new folder in the iPython file browser and set Javascript code as its name the code injected will be executed. So, if I create a folder called \"><img src=x onerror=alert(document.cookie)> and then I access to it, the cookies will be prompted.","aliases":[{"alias":"GMS-2015-22"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/7823?format=json","purl":"pkg:pypi/notebook@4.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4vqp-xtgq-p3ex"},{"vulnerability":"VCID-7ccm-mj5n-dkct"},{"vulnerability":"VCID-a9nq-eg1d-2fen"},{"vulnerability":"VCID-ep9f-n1q3-93fh"},{"vulnerability":"VCID-jzfv-v43y-4yev"},{"vulnerability":"VCID-mm9w-w5e5-pfhw"},{"vulnerability":"VCID-p6d2-1hgc-1bgj"},{"vulnerability":"VCID-ps5x-4m98-j3bf"},{"vulnerability":"VCID-sjpw-qzhj-m7dp"},{"vulnerability":"VCID-xdj2-ghy5-ybdw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/notebook@4.0.5"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9594?format=json","purl":"pkg:pypi/notebook@0.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4vqp-xtgq-p3ex"},{"vulnerability":"VCID-7ccm-mj5n-dkct"},{"vulnerability":"VCID-a9nq-eg1d-2fen"},{"vulnerability":"VCID-ep9f-n1q3-93fh"},{"vulnerability":"VCID-jzfv-v43y-4yev"},{"vulnerability":"VCID-mm9w-w5e5-pfhw"},{"vulnerability":"VCID-nrwx-kw8f-83d2"},{"vulnerability":"VCID-p6d2-1hgc-1bgj"},{"vulnerability":"VCID-ps5x-4m98-j3bf"},{"vulnerability":"VCID-sjpw-qzhj-m7dp"},{"vulnerability":"VCID-xdj2-ghy5-ybdw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/notebook@0.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/7819?format=json","purl":"pkg:pypi/notebook@4.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4vqp-xtgq-p3ex"},{"vulnerability":"VCID-7ccm-mj5n-dkct"},{"vulnerability":"VCID-a9nq-eg1d-2fen"},{"vulnerability":"VCID-cxvg-uwyj-hfhs"},{"vulnerability":"VCID-ep9f-n1q3-93fh"},{"vulnerability":"VCID-jzfv-v43y-4yev"},{"vulnerability":"VCID-kdxh-yhaz-p3fh"},{"vulnerability":"VCID-mm9w-w5e5-pfhw"},{"vulnerability":"VCID-nrwx-kw8f-83d2"},{"vulnerability":"VCID-p6d2-1hgc-1bgj"},{"vulnerability":"VCID-ps5x-4m98-j3bf"},{"vulnerability":"VCID-sjpw-qzhj-m7dp"},{"vulnerability":"VCID-xdj2-ghy5-ybdw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/notebook@4.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/7820?format=json","purl":"pkg:pypi/notebook@4.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4vqp-xtgq-p3ex"},{"vulnerability":"VCID-7ccm-mj5n-dkct"},{"vulnerability":"VCID-a9nq-eg1d-2fen"},{"vulnerability":"VCID-cxvg-uwyj-hfhs"},{"vulnerability":"VCID-ep9f-n1q3-93fh"},{"vulnerability":"VCID-jzfv-v43y-4yev"},{"vulnerability":"VCID-kdxh-yhaz-p3fh"},{"vulnerability":"VCID-mm9w-w5e5-pfhw"},{"vulnerability":"VCID-nrwx-kw8f-83d2"},{"vulnerability":"VCID-p6d2-1hgc-1bgj"},{"vulnerability":"VCID-ps5x-4m98-j3bf"},{"vulnerability":"VCID-sjpw-qzhj-m7dp"},{"vulnerability":"VCID-xdj2-ghy5-ybdw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/notebook@4.0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/7821?format=json","purl":"pkg:pypi/notebook@4.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4vqp-xtgq-p3ex"},{"vulnerability":"VCID-7ccm-mj5n-dkct"},{"vulnerability":"VCID-a9nq-eg1d-2fen"},{"vulnerability":"VCID-cxvg-uwyj-hfhs"},{"vulnerability":"VCID-ep9f-n1q3-93fh"},{"vulnerability":"VCID-jzfv-v43y-4yev"},{"vulnerability":"VCID-kdxh-yhaz-p3fh"},{"vulnerability":"VCID-mm9w-w5e5-pfhw"},{"vulnerability":"VCID-nrwx-kw8f-83d2"},{"vulnerability":"VCID-p6d2-1hgc-1bgj"},{"vulnerability":"VCID-ps5x-4m98-j3bf"},{"vulnerability":"VCID-sjpw-qzhj-m7dp"},{"vulnerability":"VCID-xdj2-ghy5-ybdw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/notebook@4.0.2"}],"references":[{"reference_url":"https://github.com/jupyter/notebook/commit/35f32dd2da804d108a3a3585b69ec3295b2677ed","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/jupyter/notebook/commit/35f32dd2da804d108a3a3585b69ec3295b2677ed"},{"reference_url":"https://github.com/jupyter/notebook/commit/dd9876381f0ef09873d8c5f6f2063269172331e3","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/jupyter/notebook/commit/dd9876381f0ef09873d8c5f6f2063269172331e3"}],"weaknesses":[{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."}],"exploits":[],"severity_range_score":null,"exploitability":"0.5","weighted_severity":"0.0","risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nrwx-kw8f-83d2"}