{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37899?format=json","vulnerability_id":"VCID-7adm-yra7-a3ht","summary":"XSS vulnerability\nIf you create a new folder in the iPython file browser and set Javascript code as its name the code injected will be executed. So, if I create a folder called \"><img src=x onerror=alert(document.cookie)> and then I access to it, the cookies will be prompted.","aliases":[{"alias":"GMS-2015-22"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9048?format=json","purl":"pkg:pypi/notebook@4.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3bhm-ewdv-zbeq"},{"vulnerability":"VCID-6y8s-qegb-ekde"},{"vulnerability":"VCID-7r44-pfgv-vfhx"},{"vulnerability":"VCID-a5v7-yux3-fqah"},{"vulnerability":"VCID-cq6c-5wrp-6uf8"},{"vulnerability":"VCID-d8dn-ga5x-pyc8"},{"vulnerability":"VCID-ng3p-zbry-8fer"},{"vulnerability":"VCID-ts53-zf55-zkcn"},{"vulnerability":"VCID-v436-yfae-x7d5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/notebook@4.0.5"}],"affected_packages":[],"references":[{"reference_url":"https://github.com/jupyter/notebook/commit/35f32dd2da804d108a3a3585b69ec3295b2677ed","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/jupyter/notebook/commit/35f32dd2da804d108a3a3585b69ec3295b2677ed"},{"reference_url":"https://github.com/jupyter/notebook/commit/dd9876381f0ef09873d8c5f6f2063269172331e3","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/jupyter/notebook/commit/dd9876381f0ef09873d8c5f6f2063269172331e3"}],"weaknesses":[{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."}],"exploits":[],"severity_range_score":null,"exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7adm-yra7-a3ht"}