Project Jupyter · Ipython Notebook · CVE-2015-6938
**Name of the Vulnerable Software and Affected Versions**
IPython Notebook versions prior to 3.2.2
Jupyter Notebook versions 4.0.x prior to 4.0.5
**Description**
A cross-site scripting (XSS) issue exists in the file browser component of the notebook application, allowing remote attackers to inject arbitrary web script or HTML via a folder name.
**Recommendations**
For IPython Notebook versions prior to 3.2.2, update to version 3.2.2 or later to resolve the issue.
For Jupyter Notebook versions 4.0.x prior to 4.0.5, update to version 4.0.5 or later to resolve the issue.