1. Critical XSS Vulnerability in LLM Output Rendering: Unfiltered innerHTML Exposes User Sessions
A critical security flaw in a codebase's AI summary feature allows malicious Large Language Model (LLM) outputs to execute arbitrary JavaScript in users' browsers. The vulnerability stems from the direct insertion of streaming LLM responses into the Document Object Model (DOM) using `innerHTML` in the `ai_summary.js` f...