Adam Nagy

**Name of the Vulnerable Software and Affected Versions** Drupal CAPTCHA versions 0.0.0 through 1.16.9 Drupal CAPTCHA versions 2.0.0 through 2.0.9 **Description** A functionality bypass exists in Drupal CAPTCHA due to insufficient invalidation of security tokens. An attacker may bypass the CAPTCHA on subsequent submissions if they first successfully solve at least one CAPTCHA manually to obtain valid tokens. **Recommendations** Update Drupal CAPTCHA to version 1.17.0 or later. Update Drupal CAPTCHA to version 2.0.10 or later.

**Name of the Vulnerable Software and Affected Versions** Drupal SpamSpan filter versions 0.0.0 through 3.2.0 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS), in the Drupal SpamSpan filter. This allows for Cross-Site Scripting (XSS) attacks. **Recommendations** For versions 0.0.0 through 3.2.0, update to version 3.2.1 or later to resolve the issue.