Loading
Jupyter Notebook before 5.7.2 allows XSS via a crafted directory name because notebook/static/tree/js/notebooklist.js handles certain URLs unsafely.
Use CWE-79, Jupyter vendor hub and Notebook product page to widen CVE-2018-19352 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2021-32798, CVE-2024-43805 and CVE-2024-22421 for nearby disclosures in the same product family.