drupal/ai is vulnerable to Cross-site Scripting (XSS)
50
Medium Risk
The Drupal AI module and several submodules (AI Automators, AI Translate, AI API Explorer, and AI Content Suggestions) are vulnerable to cross-site scripting and potential disclosure of sensitive LLM communications when rendering generated HTML or Markdown. This issue only affects sites where an attacker can inject input into LLM prompts.
You are affected if you are using a version that falls within the vulnerable range.
drupal/ai is vulnerable to Cross-site Scripting (XSS) in versions 0.0.1 - 1.2.16, 1.3.0 - 1.3.7 and 1.4.0 - 1.4.2.
Upgrade the drupal/ai library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant