AI LLM-Output XSS — Backend Renders Model Output as Trusted HTML

ChatBotApp embeds an LLM in its product. User messages go to the LLM. The LLM's reply is rendered as innerHTML in the chat panel because the team wanted 'rich formatting like ChatGPT'. They didn't sanitise model output. By manipulating user input, you can get the LLM to produce HTML that fires JavaScript — XSS via model-as-XSS-vector.