Ipython Notebook vulnerabilities

CVE-2015-7337 [MEDIUM] CWE-20 CVE-2015-7337: The editor in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote at The editor in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to execute arbitrary JavaScript code via a crafted file, which triggers a redirect to files/, related to MIME types.

CVE-2015-6938 [MEDIUM] CWE-79 CVE-2015-6938: Cross-site scripting (XSS) vulnerability in the file browser in notebook/notebookapp.py in IPython N Cross-site scripting (XSS) vulnerability in the file browser in notebook/notebookapp.py in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via a folder name. NOTE: this was originally reported as a cross-site request forgery (CSRF) vulnerability, but this may be inaccu