CVE-2025-13981 is a Cross-Site Scripting (XSS) vulnerability classified under CWE-79 that affects the Drupal AI (Artificial Intelligence) module. The vulnerability stems from improper neutralization of user-supplied input during the generation of web pages, which allows attackers to inject malicious scripts into web content rendered by the module. Affected versions include all releases before 1.0.7, 1.1.7, and 1.2.4. The vulnerability requires an attacker to have network access and low privileges, and it also necessitates user interaction to trigger the malicious script execution. The CVSS v3.1 score is 4.4 (medium severity), reflecting limited confidentiality and integrity impacts without affecting availability. Exploitation complexity is high due to the need for user interaction and specific conditions. Although no known exploits are currently reported in the wild, the vulnerability could enable attackers to perform actions such as session hijacking, defacement, or theft of sensitive information within the context of the affected Drupal AI module. The vulnerability is particularly relevant for organizations using Drupal AI for web content generation or AI-driven web features, as malicious scripts could compromise user trust and data integrity. The issue was publicly disclosed in January 2026, and no official patches or links were provided in the source data, indicating the need for organizations to monitor Drupal security advisories closely for updates.

For European organizations, this vulnerability poses a moderate risk primarily to web applications leveraging the Drupal AI module. Potential impacts include unauthorized script execution in users' browsers, leading to session hijacking, theft of sensitive data, or manipulation of displayed content. This can undermine user trust, cause reputational damage, and potentially lead to regulatory non-compliance under GDPR if personal data is compromised. The impact on availability is negligible, but integrity and confidentiality could be affected within the scope of the vulnerable module. Organizations with public-facing Drupal AI implementations, especially those handling sensitive user data or providing critical services, may face targeted attacks exploiting this vulnerability. The requirement for user interaction and low privilege reduces the likelihood of widespread automated exploitation but does not eliminate targeted phishing or social engineering risks. Additionally, the medium severity score suggests that while the threat is not critical, it warrants timely remediation to prevent escalation or chaining with other vulnerabilities.

1. Apply official patches or updates from Drupal as soon as they become available, specifically upgrading the AI module to versions 1.0.7, 1.1.7, or 1.2.4 or later. 2. Implement strict input validation and sanitization on all user-supplied data within the Drupal AI module to prevent injection of malicious scripts. 3. Deploy Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in browsers. 4. Conduct regular security audits and code reviews focused on input handling in custom Drupal modules or extensions. 5. Educate users about the risks of interacting with suspicious links or content to reduce the effectiveness of social engineering attacks. 6. Monitor web server and application logs for unusual activity or script injection attempts related to the Drupal AI module. 7. Utilize web application firewalls (WAF) configured to detect and block common XSS attack patterns targeting Drupal applications. 8. Limit the privileges of users and services interacting with the Drupal AI module to minimize potential damage from exploitation.