CVE-2025-13981 | THREATINT

Description

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal AI (Artificial Intelligence) allows Cross-Site Scripting (XSS).This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.7, from 1.1.0 before 1.1.7, from 1.2.0 before 1.2.4.

PUBLISHED Reserved 2025-12-03 | Published 2026-01-28 | Updated 2026-01-29 | Assigner drupal

Problem types

CWE-79 Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting")

Product status

Default status

unaffected

0.0.0 (semver) before 1.0.7

affected

1.1.0 (semver) before 1.1.7

affected

1.2.0 (semver) before 1.2.4

affected

Credits

Drew Webber (mcdruid) finder

Marcus Johansson (marcus_johansson) remediation developer

Bram Driesen (bramdriesen) coordinator

Greg Knaddison (greggles) coordinator

Drew Webber (mcdruid) coordinator

Juraj Nemec (poker10) coordinator

Jess (xjm) coordinator

References

www.drupal.org/sa-contrib-2025-119

cve.org (CVE-2025-13981)

nvd.nist.gov (CVE-2025-13981)

Download JSON

help @ threatint.eu