CVE-2015-4707: XSS
Published Sep 20, 2017
·Updated
Cross-site scripting (XSS) vulnerability in IPython before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving JSON error messages and the /api/notebooks path.
Affected Software
2 affected componentsFixes available
pip/ipython>=0<3.2.0
3.2.0
IPython IPython<3.2.0
Remediation
Event History
Sep 20, 2017
CVE Published
via MITRE·06:00 PM
Data Sourced
via MITRE·06:00 PM
Description
May 13, 2022
Advisory Published
via GitHub·01:31 AM
Frequently Asked Questions
1
What is the severity of CVE-2015-4707?
CVE-2015-4707 has a high severity rating due to its potential for remote code execution through cross-site scripting.
2
How do I fix CVE-2015-4707?
To fix CVE-2015-4707, update IPython to version 3.2.0 or later.
3
What software is affected by CVE-2015-4707?
CVE-2015-4707 affects all versions of IPython prior to 3.2.0.
4
What type of vulnerability is CVE-2015-4707?
CVE-2015-4707 is a cross-site scripting (XSS) vulnerability.
5
Can CVE-2015-4707 be exploited remotely?
Yes, CVE-2015-4707 can be exploited remotely by attackers through specific JSON error messages.