AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.12.1, AnythingLLM's in-chat markdown renderer has an unsafe custom rule for images that interpolates the markdown image's "alt" text into an HTML "alt="..."" attribute without any HTML encoding. Every call-site in the app wraps "renderMarkdown(...)" with "DOMPurify.sanitize(...)" as defense-in-depth — except the "Chartable" component, which renders chart captions with no sanitization. The chart caption is the natural-language text the LLM emits around a "create-chart" tool call, so any attacker who can influence the LLM's output — most cheaply via indirect prompt injection in a shared workspace document, or directly if they can create a chart record in a multi-user workspace — can trigger stored DOM-level XSS in every other user's browser when they open that conversation. AnythingLLM chat history is loaded server-side via "GET /api/workspace/:slug/chats" and rendered directly into the chat UI. Version 1.12.1 contains a patch for this issue.