CVE-2021-32797

CRITICAL Year: 2021
CVSS v3 Score
9.6
Critical
CVSS v2 Score
6.8
Medium
Weakness Type
CWE-79
View all →

Vulnerability Description

JupyterLab is a user interface for Project Jupyter which will eventually replace the classic Jupyter Notebook. In affected versions untrusted notebook can execute code on load. In particular JupyterLab doesn’t sanitize the action attribute of html `<form>`. Using this it is possible to trigger the form validation outside of the form itself. This is a remote code execution, but requires user action to open a notebook.

Related Vulnerabilities

CVE-2011-3642

CRITICAL
CVSS:9.6(Critical)

Cross-site scripting (XSS) vulnerability in Flowplayer Flash 3.2.7 through 3.2.16, as used in the News system (news) extension for TYPO3 and Mahara, allows remote attackers to inject arbitrary web scr...

CWE-792011

CVE-2014-5039

CRITICAL
CVSS:9.6(Critical)

Cross-site scripting (XSS) vulnerability in Eucalyptus Management Console (EMC) 4.0.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-792014

CVE-2015-10073

CRITICAL
CVSS:9.6(Critical)

A vulnerability, which was classified as problematic, was found in tinymighty WikiSEO 1.2.1 on MediaWiki. This affects the function modifyHTML of the file WikiSEO.body.php of the component Meta Proper...

CWE-792015

CVE-2015-20105

CRITICAL
CVSS:9.6(Critical)

The ClickBank Affiliate Ads WordPress plugin through 1.20 does not have CSRF check when saving its settings, allowing attacker to make logged in admin change them via a CSRF attack. Furthermore, due t...

CWE-792015

CVE-2018-18864

CRITICAL
CVSS:9.6(Critical)

Loadbalancer.org Enterprise VA MAX before 8.3.3 has XSS because Apache HTTP Server logs are displayed.

CWE-792018

CVE-2019-13363

CRITICAL
CVSS:9.6(Critical)

admin.php?page=notification_by_mail in Piwigo 2.9.5 has XSS via the nbm&#95;send&#95;html&#95;mail, nbm&#95;send&#95;mail&#95;as, nbm&#95;send&#95;detailed&#95;content, nbm&#95;complementary&#95;mail&...

CWE-792019