https://github.com/browser-use/bux.git ·
lang: python ·
LOC: ·
source: both
| Rule | Severity | Count |
|---|---|---|
SEC006 XSS Risk |
high | 2 |
SEC017 Unbounded Input to LLM/External API |
medium | 1 |
SEC016 LLM Prompt Injection — User Input in AI Prompt |
high | 1 |
SEC016
LLM Prompt Injection — User Input in AI Prompt
agent/telegram_bot.py:5328
· conf 0.90
[SEC016] LLM Prompt Injection — User Input in AI Prompt: User-supplied text is interpolated directly into an AI/LLM prompt (e.g. OpenAI, Anthropic, or local model). This is the AI equivalent of SQL i…SEC006
XSS Risk
agent/mini_app_static/concepts.js:91
· conf 0.40
[SEC006] XSS Risk: Direct HTML injection without sanitization.SEC006
XSS Risk
agent/mini_app_static/tinder.js:196
· conf 0.40
[SEC006] XSS Risk: Direct HTML injection without sanitization.SEC017
Unbounded Input to LLM/External API
agent/telegram_bot.py:5328
· conf 0.30
[SEC017] Unbounded Input to LLM/External API: User input is passed to an LLM or external AI API (OpenAI, Anthropic, etc.) without any visible length or size validation. This creates two risks: (1) Co…Reading from rp.scan + rp.finding + rp.rule (unified schema, R78 series). Legacy data path unchanged. Compare with /scan/1f5b13ca-c511-4c41-a7cc-9a49b786811e/.