5 matches found
CVE-2015-9501
CVE-2015-9501 affects the WordPress Artificial Intelligence theme up to version 1.2.3 (before 1.2.4). The root cause is Genericons HTML files being placed under the web root, enabling cross-site scripting (XSS). The vulnerability is a DOM/XSS class issue in the theme that can allow an attacker to...
CVE-2025-31678
CVE-2025-31678 — Drupal AI Missing Authorization vulnerability affects Drupal AI (Artificial Intelligence) module. Affected versions are 0.0.0 through 1.0.2, with the root cause described as a missing authorization flaw that enables Forceful Browsing. The issue is characterized as an access bypas...
CVE-2025-31677
CVE-2025-31677 describes a CSRF vulnerability in Drupal AI (Artificial Intelligence) module affecting versions 1.0.0 through 1.0.1. Root cause: insufficient CSRF protection in the module, enabling unauthorized actions on behalf of authenticated users. Impact (per CVSS): high for confidentiality, ...
CVE-2025-13981
CVE-2025-13981 describes a Cross-Site Scripting (XSS) vulnerability in the Drupal AI module (Artificial Intelligence) caused by improper neutralization of input during web page generation. Affected versions are: 0.0.0 before 1.0.7, 1.1.0 before 1.1.7, and 1.2.0 before 1.2.4. The provided document...
CVE-2026-3573
CVE-2026-3573 affects Drupal AI (Artificial Intelligence). Multiple sources confirm an incorrect authorization vulnerability that allows resource injection. Affected versions: Drupal AI 0.0.0 through 1.1.10 and 1.2.0 through 1.2.11. Under certain conditions, rendering HTML/Markdown via the module...