Cleantalk · Cleantalk-Spam-Protect · CVE-2019-17515
**Name of the Vulnerable Software and Affected Versions**
cleantalk-spam-protect plugin versions prior to 5.127.4
**Description**
The plugin reflects the `from` or `till` request parameter into an administrative page without sanitizing or escaping it, so an attacker can inject arbitrary HTML and JavaScript (reflected cross-site scripting). Exploitation requires a logged-in Administrator to open a crafted URL, for example a link delivered by e-mail or embedded in another page; the injected script then runs in the Administrator's browser session with that user's privileges. The affected components are inc/cleantalk-users.php and inc/cleantalk-comments.php.
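The following is an added illustration of the pattern behind this class of bug and its fix; it is not the plugin's own code, and the input field sink, the `render_range_*` and `validate_date` function names and the date format are assumptions made for the example. The vulnerable function drops the `from`/`till` values straight into the HTML; the hardened one allow-lists them as dates and escapes on output. The shims at the top only exist so the file runs under plain `php` outside WordPress.

```php
<?php
// Added example for CVE-2019-17515, not code from the CleanTalk plugin.
// Shims so this runs under the plain `php` CLI; inside WordPress the real
// esc_attr() / sanitize_text_field() are used and these are skipped.
if (!function_exists('esc_attr')) {
    function esc_attr($text) {
        return htmlspecialchars((string) $text, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    }
}
if (!function_exists('sanitize_text_field')) {
    function sanitize_text_field($text) {
        return trim(strip_tags((string) $text));
    }
}

// Hypothetical vulnerable pattern: the date-range values are written into
// the admin form's HTML unescaped, so a crafted `from` value can close the
// attribute and inject a <script> element.
function render_range_vulnerable(array $get) {
    $from = isset($get['from']) ? $get['from'] : '';
    $till = isset($get['till']) ? $get['till'] : '';
    return '<input name="from" value="' . $from . '">'
         . '<input name="till" value="' . $till . '">';
}

// Hardened pattern: accept only a real YYYY-MM-DD date (anything else becomes
// an empty string), then escape on output with esc_attr() regardless.
function validate_date($value) {
    $value = sanitize_text_field($value);
    if (preg_match('/^\d{4}-\d{2}-\d{2}$/', $value) !== 1) {
        return '';
    }
    [$y, $m, $d] = array_map('intval', explode('-', $value));
    return checkdate($m, $d, $y) ? $value : '';
}

function render_range_hardened(array $get) {
    $from = validate_date($get['from'] ?? '');
    $till = validate_date($get['till'] ?? '');
    return '<input name="from" value="' . esc_attr($from) . '">'
         . '<input name="till" value="' . esc_attr($till) . '">';
}

// Constructed request of the kind an Administrator would be tricked into
// opening; the `from` value is the attacker's payload.
$request = [
    'from' => '"><script>alert(document.cookie)</script>',
    'till' => '2019-10-01',
];

echo "vulnerable: " . render_range_vulnerable($request) . "\n";
echo "hardened:   " . render_range_hardened($request) . "\n";
```

Run with `php example.php`: the vulnerable output contains a live `<script>` element, while the hardened output drops the bogus `from` value and keeps `till`. Validating the value is what removes the attack surface; escaping with `esc_attr()` is the second, independent layer so that a future change to the validation cannot silently reopen the hole. Guarding the page with a nonce check (`check_admin_referer()` in WordPress) before rendering anything derived from the query string is a further defence, since a plain link the Administrator clicks cannot carry a valid nonce.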
**Recommendations**
For versions prior to 5.127.4, update to version 5.127.4 or later; this is the only fix. If updating is not immediately possible, restrict access to the inc/cleantalk-users.php and inc/cleantalk-comments.php components (for example, to trusted administrator addresses) to reduce exposure, and treat any link that passes a `from` or `till` parameter to these components as untrusted until the plugin is updated. These workarounds only limit who can reach the vulnerable code; they do not remove the flaw.