The GitHub Security Lab discovered sixteen ways to exploit a cross-site scripting vulnerability in nbconvert. When using nbconvert to generate an HTML version of a user-controllable notebook, it is possible to inject arbitrary HTML which may lead to cross-site scripting (XSS) vulnerabilities if these HTML notebooks are served by a web server (eg: nbviewer).
History

Fri, 22 Nov 2024 12:00:00 +0000

Type Values Removed Values Added
References

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2022-08-18T00:00:00

Updated: 2024-09-02T21:02:59.728Z

Reserved: 2021-05-12T00:00:00

Link: CVE-2021-32862

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-08-18T19:15:14.337

Modified: 2024-11-21T06:07:54.300

Link: CVE-2021-32862

cve-icon Redhat

No data.