Codex < 1.4.0 - Stored Cross-Site Scripting via Notebook/Page Name Field
A Cross Site Scripting (XSS) vulnerability exists in Codex before 1.4.0 via Notebook/Page name field, which allows malicious users to execute arbitrary code via a crafted http code in a .json file.