Apache Zeppelin is a Web-based open source notebook application from the Apache Foundation that supports interactive data analysis and collaborative documentation. The application supports interactive data analysis and collaborative documentation. versions of Apache Zeppelin prior to 0.8.2 contain a cross-site scripting vulnerability that stems from a failure to neutralize input during web page generation and could be exploited by an attacker to execute arbitrary javascript in another user’s browser.