Home

Description

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal AI (Artificial Intelligence) allows Cross-Site Scripting (XSS). This issue affects AI (Artificial Intelligence) versions: from 0.0.0 to 1.2.17, from 1.3.0 to 1.3.8, from 1.4.0 to 1.4.3.

PUBLISHED Reserved 2026-06-24 | Published 2026-07-10 | Updated 2026-07-13 | Assigner drupal

Problem types

CWE-79 Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting")

Product status

0.0.0 (semver) before 1.2.17
affected

1.3.0 (semver) before 1.3.8
affected

1.4.0 (semver) before 1.4.3
affected

Credits

Drew Webber (mcdruid) finder

Artem Dmitriiev (a.dmitriiev) remediation developer

Abhisek Mazumdar (abhisekmazumdar) remediation developer

AKHIL BABU (akhil babu) remediation developer

Marcus Johansson (marcus_johansson) remediation developer

Bram Driesen (bramdriesen) coordinator

Drew Webber (mcdruid) coordinator

Juraj Nemec (poker10) coordinator

References

www.drupal.org/sa-contrib-2026-054

cve.org (CVE-2026-13234)

nvd.nist.gov (CVE-2026-13234)

Download JSON