Vulnerability in nbgrader project #1977
Description
While working in nbgrader project, I identified this vulnerability during routine security analysis of application dependencies. While testing how user-controlled data was handled by the setdata function, I observed that untrusted input was being passed to internal execution logic without proper sanitization. Further analysis revealed that this behavior could be exploited to execute arbitrary JavaScript, resulting in a Cross-site Scripting (XSS) vulnerability.