ES2602-82fddd0e - Cross-Model Scripting (XMS)

[cmullaly-mitre]

Submission File: ES2602-82fddd0e-new-cross-model-scripting.txt

ID: ES2602-82fddd0e

SUBMISSION DATE: 2026-02-03 14:23:35

NAME: Cross-Model Scripting (XMS)

DESCRIPTION:

Cross-Model Scripting (XMS) is a model-mediated pathway to cross-site
scripting (XSS) in AI-integrated web applications. XMS does not describe a
new execution context. The resulting vulnerability remains a form of XSS
(CWE-79), and script execution still occurs in the browser. What
distinguishes XMS is the mechanism through which unsafe script content
emerges.

In traditional XSS scenarios, the risk arises when untrusted input is
improperly validated or encoded before being rendered. The flow is
relatively linear: input is received, optionally sanitized, and then
inserted into an HTML or JavaScript context.

In AI-integrated pipelines, however, a language model may introduce an
intermediate transformation layer between validation and rendering. The
model may rewrite, translate, normalize, or otherwise transform previously
validated input. During this transformation, canonical representations of
script constructs may be restored or generated. If the modelu2019s output
is subsequently rendered without contextual encoding or post-transformation
validation, injection risks may reappear.

The distinguishing characteristic of XMS is therefore not the presence of
script execution, but the crossing of a model boundary between validation
and rendering. Input that was considered safe in one representation may
become unsafe after model-driven transformation.

The term Cross-Model Scripting (XMS) is intentionally parallel to
Cross-Site Scripting (XSS). In XSS, script crosses a trust boundary between
user input and browser execution. In XMS, unsafe script content emerges
after crossing a model-mediated transformation boundary within the
application pipeline. By naming this pattern, we isolate a class of AI-era
injection pathways that stem from inconsistent trust assumptions across
model layers. XMS should be understood as a refinement of how CWE-79
manifests in systems that incorporate probabilistic text transformation
engines into their request handling flow.

Recognizing XMS helps practitioners:

Identify where revalidation must occur after model transformations.
Avoid implicitly trusting LLM-generated output.
Account for canonicalization effects introduced by multilingual or
Unicode-aware models.
Design validation strategies that reflect the non-linear structure of
AI-integrated pipelines.
XMS does not replace XSS. It clarifies how XSS evolves when language models
become part of the application architecture.

[bugmithlegend]

cool

[cmullaly-mitre]

ES2602-82fddd0e has been assigned to a member of the CWE Content Team as part of the INITIAL REVIEW phase. We will provide feedback as soon as possible.

The review process will analyze the submission for scope and submission problems as documented here:

• Submission problems
• Scope exclusions

After initial review, we might need to ask you additional questions (CONSULTATION phase) to ensure that the submitted information is accurate, properly understood, and (for new entry proposals) falls within CWE's scope. Afterward, we will make a DECISION as to whether a new CWE entry is needed, or if an existing entry needs to be modified. If a new entry is needed, we will then request more detailed content from you (SUPPORTING ANALYSIS). See the following URL for more details:

https://cwe.mitre.org/community/submissions/guidelines.html