Description

The vulnerability stems from improper sanitization of LLM outputs. Malicious content may be rendered or executed if the response is not adequately handled.

Remediation

Enhance output sanitization and validation. Ensure that all responses from the LLM are properly processed and any untrusted content is safely handled.

References

OWASP Top 10 for LLM Applications 2025

Related Vulnerabilities

MediaWiki Improper Encoding or Escaping of Output Vulnerability (CVE-2020-10960)

Client Side Template Injection

Envoy Proxy Improper Encoding or Escaping of Output Vulnerability (CVE-2024-45808)

Apache Tomcat Improper Encoding or Escaping of Output Vulnerability (CVE-2022-45143)

XWiki Improper Encoding or Escaping of Output Vulnerability (CVE-2023-26472)

Severity

High

Classification

CWE-116 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N