Description

The vulnerability stems from improper sanitization of LLM outputs. Malicious content may be rendered or executed if the response is not adequately handled.

Remediation

Enhance output sanitization and validation. Ensure that all responses from the LLM are properly processed and any untrusted content is safely handled.

References

OWASP Top 10 for LLM Applications 2025

Related Vulnerabilities

LLM Prompt Injection

LLM Tool Usage Exposure

XWiki Improper Encoding or Escaping of Output Vulnerability (CVE-2023-26472)

LLM Server-Side Request Forgery (SSRF)

MediaWiki Improper Encoding or Escaping of Output Vulnerability (CVE-2020-35475)

Severity

High

Classification

CWE-116 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N

Tags

Llm Llm Insecure Output Handling