CVE-2025-13981
EPSS 0.05%Published: 12/3/2025Modified: 12/10/2025
Description
This modules provides the ability to chat with an AI Agent using a large-language model (LLM) provider for different purposes. The module doesn’t sufficiently filter LLM responses. This leads to a cross-site scripting (XSS) vulnerability where an attacker can use prompt injections on user-generated content with the LLM as context.
Affected packages (1)
- Packagist/drupal/aifrom 0, < 1.0.7 | >= 1.1.0, < 1.1.7 | >= 1.2.0, < 1.2.4