English
EN
Français
FR
Language
English
EN
Français
FR

CVE Vulnerabilities

Posts & Pages

No results found for ""

Try different keywords or check spelling

Search in CVE database, posts & pages • Press ESC to close

DNA View

CVE-2025-13981

Medium
Low Medium High Critical
4.4
CVSS Score
Published: Jan 28, 2026
Last Modified: Feb 19, 2026
CWE: CWE-79

Vulnerability Description

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal AI (Artificial Intelligence) allows Cross-Site Scripting (XSS).This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.7, from 1.1.0 before 1.1.7, from 1.2.0 before 1.2.4.

CVSS Metrics

Common Vulnerability Scoring System

Vector String:

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector
N
Attack Complexity
H
Privileges Required
L
User Interaction
R
Scope
C
Confidentiality
L
Integrity
L
Availability
N

Known Affected Software

16 configuration(s) from 1 vendor(s)

artificial_intelligence
Version:
1.2.3
CPE:
cpe:2.3:a:artificial_intelligence_project:artificial_intelligence:1.2.3:*:*:*:*:wordpress:*:*
artificial_intelligence
Version:
1.1.1
CPE:
cpe:2.3:a:artificial_intelligence_project:artificial_intelligence:1.1.1:*:*:*:*:drupal:*:*
artificial_intelligence
Version:
1.0.6
CPE:
cpe:2.3:a:artificial_intelligence_project:artificial_intelligence:1.0.6:*:*:*:*:drupal:*:*
artificial_intelligence
Version:
1.2.1
CPE:
cpe:2.3:a:artificial_intelligence_project:artificial_intelligence:1.2.1:*:*:*:*:wordpress:*:*
artificial_intelligence
Version:
1.0.4
CPE:
cpe:2.3:a:artificial_intelligence_project:artificial_intelligence:1.0.4:*:*:*:*:drupal:*:*
artificial_intelligence
Version:
1.1.2
CPE:
cpe:2.3:a:artificial_intelligence_project:artificial_intelligence:1.1.2:*:*:*:*:wordpress:*:*
artificial_intelligence
Version:
1.0.3
CPE:
cpe:2.3:a:artificial_intelligence_project:artificial_intelligence:1.0.3:*:*:*:*:drupal:*:*
artificial_intelligence
Version:
1.1.4
CPE:
cpe:2.3:a:artificial_intelligence_project:artificial_intelligence:1.1.4:*:*:*:*:wordpress:*:*
artificial_intelligence
Version:
1.1.3
CPE:
cpe:2.3:a:artificial_intelligence_project:artificial_intelligence:1.1.3:*:*:*:*:wordpress:*:*
artificial_intelligence
Version:
1.2.0
CPE:
cpe:2.3:a:artificial_intelligence_project:artificial_intelligence:1.2.0:alpha1:*:*:*:drupal:*:*
artificial_intelligence
Version:
1.0.0
CPE:
cpe:2.3:a:artificial_intelligence_project:artificial_intelligence:1.0.0:*:*:*:*:drupal:*:*
artificial_intelligence
Version:
1.0.5
CPE:
cpe:2.3:a:artificial_intelligence_project:artificial_intelligence:1.0.5:*:*:*:*:drupal:*:*
artificial_intelligence
Version:
1.2.2
CPE:
cpe:2.3:a:artificial_intelligence_project:artificial_intelligence:1.2.2:*:*:*:*:wordpress:*:*
artificial_intelligence
Version:
1.0.2
CPE:
cpe:2.3:a:artificial_intelligence_project:artificial_intelligence:1.0.2:*:*:*:*:drupal:*:*
artificial_intelligence
Version:
1.0.1
CPE:
cpe:2.3:a:artificial_intelligence_project:artificial_intelligence:1.0.1:*:*:*:*:drupal:*:*
artificial_intelligence
Version:
1.1.0
CPE:
cpe:2.3:a:artificial_intelligence_project:artificial_intelligence:1.1.0:beta1:*:*:*:drupal:*:*
This vulnerability affects 16 software configuration(s). Ensure you patch all affected systems.

References & Resources

Severity Details

4.4
out of 10.0
Medium

Weakness Type (CWE)

CWE-79 Top 25 #1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Exploit Likelihood
High
Typical Severity
Medium
OWASP Top 10
A03:2021-Injection
Abstraction Level
Base
View CWE Details on MITRE

Key Information

Published Date
January 28, 2026

External Resources

NIST
NIST NVD
National Vulnerability Database
MT
MITRE CVE
Official CVE record