129 matches found
CVE-2023-0333
The TemplatesNext ToolKit WordPress plugin before 3.2.9 does not validate some of its shortcode attributes before using them to generate an HTML tag, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
com.github.linyuzai:concept-router-spring-boot-starter (=1.1.0), org.webjars.npm:cacheable-request (=2.1.4) +5 more potentially affected by CVE-2022-25881 via org.webjars.npm:http-cache-semantics (=3.8.1)
org.webjars.npm:http-cache-semantics MAVEN version =3.8.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:http-cache-semantics and may be impacted: - com.github.linyuzai:concept-router-spring-boot-starter =1.1.0 -...
CVE-2021-43635
A Cross Site Scripting XSS vulnerability exists in Codex before 1.4.0 via Notebook/Page name field, which allows malicious users to execute arbitrary code via a crafted http code in a .json file...
Cross site scripting
A Cross Site Scripting XSS vulnerability exists in Codex before 1.4.0 via Notebook/Page name field, which allows malicious users to execute arbitrary code via a crafted http code in a .json file...
CVE-2021-43635
CVE-2021-43635 – Codex: A Cross-Site Scripting (XSS) vulnerability exists in Codex prior to 1.4.0, triggered via the Notebook/Page name field. The underlying issue is lack of proper input filtering/escaping in that field, allowing an attacker to execute arbitrary code through a crafted JSON file...
PT-2022-11876 · Codex · Codex
Name of the Vulnerable Software and Affected Versions: Codex versions prior to 1.4.0. Description: A Cross Site Scripting XSS issue exists via the Notebook/Page name field, allowing malicious users to execute arbitrary code through a crafted http code in a .json file. Recommendations: For versions...
Codex cross-site scripting vulnerability
Codex is a free notebook software for programmers and computer science majors from the US-based individual developer Josh Vickery. A cross-site scripting vulnerability exists in Codex versions prior to 1.4.0, which stems from a lack of effective filtering and escaping of the Name field of...
Codex Exposed: Helping Hackers in Training?
How useful is the Codex code generator as a potential training tool?...
This Week in Security News - January 28th, 2022
Welcome to our weekly roundup, where we share what you need to know about cybersecurity news and events that happened over the past few days. This week, read the third installment of Trend Micro’s Codex series. Also, read about the White House’s latest zero-trust approach to its cybersecurity...
Codex Exposed: Task Automation and Response Consistency
Being able to automate tasks or programmatically execute them unsupervised is an essential part of both regular and malicious computer usage, so we wondered if a tool like Codex was reliable enough to be scripted and left to run unsupervised, generating the required code...
Codex Exposed: How Low Is Too Low When We Generate Code?
In a series of blog posts, we explore different aspects of Codex and assess its capabilities with a focus on the security aspects that affect not only regular developers but also malicious users. This is the second part of the series...
Codex Exposed: Exploring the Capabilities and Risks of OpenAI’s Code Generator
The first of a series of blog posts examines the security risks of Codex, a code generator powered by the GPT-3 engine...
GitHub Launches 'Copilot' — AI-Powered Code Completion Tool
GitHub on Tuesday launched a technical preview of a new AI-powered pair programming tool that aims to help software developers write better code across a variety of programming languages, including Python, JavaScript, TypeScript, Ruby, and Go. Copilot, as the code synthesizer is called, has been...
cheat-codex.87983.x6.nabble.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1181961 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website...
Cisco Data Center Network Manager Arbitrary File Upload and Remote Code Execution Vulnerability
According to its self-reported version, Cisco Data Center Network Manager is affected by a vulnerability in the web-based management interface. An attacker could exploit this vulnerability by uploading specially crafted data to the affected device. A successful exploit could allow the attacker to...
codex-x.ch XSS vulnerability
Open Bug Bounty ID: OBB-612498. Affected Website: codex-x.ch. Open Bug Bounty Program: Create your bounty program now. It's open and free. Vulnerable Application: Custom Code. Vulnerability Type: XSS Cross Site Scripting / CWE-79. CVSSv3 Score: 6.1...
codex-x.pl XSS vulnerability
Open Bug Bounty ID: OBB-612497. Affected Website: codex-x.pl. Open Bug Bounty Program: Create your bounty program now. It's open and free. Vulnerable Application: Custom Code. Vulnerability Type: XSS Cross Site Scripting / CWE-79. CVSSv3 Score: 6.1...
codex-x.nl XSS vulnerability
Open Bug Bounty ID: OBB-612495. Affected Website: codex-x.nl. Open Bug Bounty Program: Create your bounty program now. It's open and free. Vulnerable Application: Custom Code. Vulnerability Type: XSS Cross Site Scripting / CWE-79. CVSSv3 Score: 6.1...