Jupyter Notebook Vulnerable to Authentication Token Theft via CommandLinker XSS
A stored Cross-Site Scripting (XSS) vulnerability in Jupyter Notebook allows attackers to steal authentication tokens from users who open malicious notebook files and interact with elements that the attacker can make look indistinguishable from legitimate controls (single click interaction). The vulnerability enables complete account takeover through the Jupyter REST API, allowing the attacker to: Read all files Modify/create files Access running kernels and execute arbitrary code Create terminals for shell …