This is a heavily interactive web application, and JavaScript is required. Simple HTML interfaces are possible, but that is not what this is.
Post
Sam Stepanyan
securestep9.bsky.social
did:plc:pyp3mmxzpyhy425qff5rp4yf
#Cursor: Prompt Injection vulnerability CVE-2025-54135 (fixed in v1.3).
By feeding poisoned data to the agent via MCP, an attacker can gain full remote code execution (#RCE):
#AISecurity
👇
https://thehackernews.com/2025/08/cursor-ai-code-editor-fixed-flaw.html
2025-08-04T14:01:31.273Z