CVE-2025-13981

描述

This modules provides the ability to chat with an AI Agent using a large-language model (LLM) provider for different purposes. The module doesn’t sufficiently filter LLM responses. This leads to a cross-site scripting (XSS) vulnerability where an attacker can use prompt injections on user-generated content with the LLM as context.

受影響套件(1)

• Packagist/drupal/aifrom 0, < 1.0.7 | >= 1.1.0, < 1.1.7 | >= 1.2.0, < 1.2.4

參考連結(1)

• WEBhttps://www.drupal.org/sa-contrib-2025-119