CVE-2026-15085 in AI SEO
Summary
by MITRE • 07/11/2026
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal AI SEO/GEO Analyzer allows Stored XSS. This issue affects AI SEO/GEO Analyzer versions: from 0.0.0 to 1.1.3.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Analysis
by VulDB Data Team • 07/11/2026
This vulnerability represents a critical cross-site scripting flaw in the Drupal AI SEO/GEO Analyzer module that enables stored XSS attacks through improper input sanitization during web page generation. The weakness occurs when user-supplied data is not adequately neutralized before being rendered in web pages, creating an opportunity for attackers to inject malicious scripts that persist in the application's database and execute against other users. The vulnerability affects all versions from 0.0.0 through 1.1.3, indicating a prolonged period during which this security gap existed without proper mitigation.
The technical implementation of this flaw stems from insufficient validation and sanitization of user inputs within the module's web page generation processes. When users interact with the AI SEO/GEO Analyzer functionality, their input data is processed and stored in the database without proper escaping or encoding mechanisms. This allows malicious actors to submit crafted payloads that contain script tags or other XSS vectors, which are then executed whenever other users view pages containing this stored content. The vulnerability operates at the application layer where user-generated content flows through the system's rendering pipeline without adequate security controls.
The operational impact of this stored XSS vulnerability is significant and multifaceted. Attackers can leverage this weakness to hijack user sessions, steal sensitive cookies, redirect users to malicious sites, or execute arbitrary commands within the context of the victim's browser. The persistent nature of stored XSS means that once a malicious payload is injected, it will affect all users who access the affected pages until the vulnerability is patched and the malicious content is removed from the database. This creates a sustained threat vector that can compromise user privacy and application integrity over extended periods.
Security practitioners should immediately upgrade to versions beyond 1.1.3 of the AI SEO/GEO Analyzer module to remediate this vulnerability. Organizations should implement input validation controls at multiple layers including client-side sanitization, server-side escaping mechanisms, and proper content security policies. The vulnerability aligns with CWE-79 which specifically addresses cross-site scripting flaws in web applications, and follows ATT&CK technique T1566 related to social engineering through malicious content injection. Additional mitigations include implementing strict input filtering, using secure coding practices for HTML output encoding, and conducting regular security assessments of third-party modules to identify similar vulnerabilities that could compromise the overall application security posture.