Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2025-13981
PUBLISHED
More InfoOfficial Page
Assigner-drupal
Assigner Org ID-2c85b837-eb8b-40ed-9d74-228c62987387
View Known Exploited Vulnerability (KEV) details
Published At-28 Jan, 2026 | 20:01
Updated At-29 Jan, 2026 | 17:12
Rejected At-
▼CVE Numbering Authority (CNA)
AI (Artificial Intelligence) - Moderately critical - Cross-Site Scripting - SA-CONTRIB-2025-119

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal AI (Artificial Intelligence) allows Cross-Site Scripting (XSS).This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.7, from 1.1.0 before 1.1.7, from 1.2.0 before 1.2.4.

Affected Products
Vendor
The Drupal AssociationDrupal
Product
AI (Artificial Intelligence)
Collection URL
https://www.drupal.org/project/ai
Repo
https://git.drupalcode.org/project/ai
Default Status
unaffected
Versions
Affected
  • From 0.0.0 before 1.0.7 (semver)
  • From 1.1.0 before 1.1.7 (semver)
  • From 1.2.0 before 1.2.4 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-79CWE-79 Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting")
Type: CWE
CWE ID: CWE-79
Description: CWE-79 Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting")
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-63CAPEC-63 Cross-Site Scripting (XSS)
CAPEC ID: CAPEC-63
Description: CAPEC-63 Cross-Site Scripting (XSS)
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Drew Webber (mcdruid)
remediation developer
Marcus Johansson (marcus_johansson)
coordinator
Bram Driesen (bramdriesen)
coordinator
Greg Knaddison (greggles)
coordinator
Drew Webber (mcdruid)
coordinator
Juraj Nemec (poker10)
coordinator
Jess (xjm)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.drupal.org/sa-contrib-2025-119
N/A
Hyperlink: https://www.drupal.org/sa-contrib-2025-119
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
3.14.4MEDIUM
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N
Version: 3.1
Base score: 4.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found