# Safe Codex Prompt: CVE-2007-3055

Prepare a defensive remediation plan for CVE-2007-3055.

Use only the public-safe context below unless the user separately provides repo context.

Source summary: NVD: Cross-site scripting (XSS) vulnerability in index.php in Codelib Linker 2.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter.
Affected vendor/product: codelib / linker
Risk context:
- severity: MEDIUM (CVSS 4.3)
- EPSS percentile: 0.76083 (roughly the 76th percentile, i.e. a comparatively high likelihood of exploitation activity for a 2007 issue)
- KEV status: not listed
- risk flags: high EPSS percentile; official reference present

Remediation context:
- recommended route: vendor patch or mitigation
- reference status: official reference present
- patch status: requires confirmation
- fixed versions: none listed in the source data; confirm in the linked advisory or official source
- mitigation notes: a remediation reference is present, but whether it delivers a patch or only a workaround must be confirmed from the linked advisory or official source before the plan relies on it
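The vulnerability class here is a reflected parameter (`cat`) echoed into the page without encoding. Since the vendor patch status is unconfirmed, a remediation plan should name the defensive pattern that any fix or interim workaround must implement: validate `cat` against what the application actually accepts, and HTML-encode anything that is reflected. The block below is an added illustration of that pattern, not Codelib Linker's own `index.php` (which is not on this page). The function names, the allowlist contents, the assumption that `cat` is a short identifier, and the sample inputs are all constructed for the example.

```php
<?php
// Added example, not Codelib Linker's code. Shows the defensive pattern for a
// reflected request parameter such as "cat": allowlist validation first,
// output encoding second. Names, allowlist and sample inputs are constructed.

declare(strict_types=1);

/**
 * Resolve the "cat" query parameter against an allowlist of known category
 * identifiers. Returns null when the value is absent, malformed or unknown,
 * so the caller never reflects untrusted input back into the page.
 * Assumption: categories are short identifiers; adjust the pattern if the
 * real application uses numeric ids.
 */
function resolveCategory(array $query, array $knownCategories): ?string
{
    if (!isset($query['cat']) || !is_string($query['cat'])) {
        return null;
    }
    $cat = $query['cat'];
    // Identifier syntax only: letters, digits, underscore, hyphen, 1-32 chars.
    if (preg_match('/^[A-Za-z0-9_-]{1,32}$/', $cat) !== 1) {
        return null;
    }
    // Strict comparison: no type juggling between strings and integers.
    return in_array($cat, $knownCategories, true) ? $cat : null;
}

/**
 * Encode a value for an HTML text node or a double-quoted attribute.
 * ENT_QUOTES covers both ' and "; ENT_SUBSTITUTE replaces malformed UTF-8
 * instead of returning an empty string, which would silently hide a bug.
 */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/**
 * Render the category heading. The raw parameter is never echoed: either an
 * allowlisted identifier is shown (still encoded, as defense in depth) or a
 * fixed fallback label is used.
 */
function renderCategoryHeading(?string $cat): string
{
    $label = $cat ?? 'all';
    return '<h2 class="category" data-cat="' . h($label) . '">' . h($label) . '</h2>';
}

/** Minimal self-check that does not depend on zend.assertions being enabled. */
function expect(bool $condition, string $what): void
{
    if (!$condition) {
        throw new RuntimeException('check failed: ' . $what);
    }
}

// Constructed inputs. The second contains markup characters; it is rejected by
// the allowlist, and would be encoded even if it had reached the encoder.
$known = ['php', 'perl', 'python'];

$accepted = resolveCategory(['cat' => 'php'], $known);
expect($accepted === 'php', 'known category is accepted');

$rejected = resolveCategory(['cat' => 'Science & Tech <beta>'], $known);
expect($rejected === null, 'value with markup characters is rejected');

expect(h('Science & Tech <beta>') === 'Science &amp; Tech &lt;beta&gt;', 'text encoding');
expect(h('a"b\'c') === 'a&quot;b&apos;c', 'quote encoding with ENT_QUOTES|ENT_HTML5');

echo renderCategoryHeading($accepted), PHP_EOL;  // <h2 class="category" data-cat="php">php</h2>
echo renderCategoryHeading($rejected), PHP_EOL;  // <h2 class="category" data-cat="all">all</h2>
```

The `expect` calls double as the kind of validation step the checklist asks for: run them (or an equivalent unit test) against the patched or mitigated copy in a non-production environment, and confirm that no request value reaches the response body unencoded. This needs no external scanning and no production change. If the vendor fix turns out to encode at output only, without validating `cat`, that is still a correct remediation for this CVE; the allowlist is defense in depth, not a substitute for the encoding.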

Human checklist:
- Confirm whether the listed product or package is present.
- Confirm affected version.
- Review vendor advisory or official source.
- Confirm patch, fixed version, mitigation, workaround, or monitor-only decision.
- Confirm exposure.
- Document remediation status.

Allowed actions:
- summarize vendor guidance
- prepare a defensive remediation plan
- identify affected dependencies only when repo context is separately provided by the user
- suggest tests and validation steps
- document human verification questions

Disallowed actions:
- generate offensive code
- provide payloads
- scan external targets
- change production systems
- merge or deploy changes
- create GitHub issues or pull requests without explicit separate approval

Acceptance criteria:
- Affected product or dependency presence is confirmed by a human.
- Affected version is confirmed or marked not applicable.
- Official advisory or source reference is reviewed.
- Patch, fixed version, mitigation, workaround, or monitor-only decision is documented.
- Validation steps are proposed without external scanning or production mutation.

You may prepare a defensive remediation plan.
You may summarize vendor guidance.
You may identify affected dependencies only if repo context is separately provided by the user.
You may suggest tests and validation steps.
You must not generate offensive code.
You must not provide payloads.
You must not scan external targets.
You must not change production systems.
You must not merge or deploy.
Human approval is required.
