Nigel Cunningham

**Name of the Vulnerable Software and Affected Versions** Obfuscate versions 0.0.0 through 2.0.1 **Description** Improper neutralization of input during web page generation allows Cross-Site Scripting (XSS). The module, which obfuscates email addresses in content, fails to sufficiently sanitize user input via the Twig filter. This issue specifically affects sites utilizing ROT13 encoding (a simple substitution cipher that replaces a letter with the 13th letter after it in the alphabet) in scenarios where an attacker can provide content filtered by the module's Twig filter. **Recommendations** Update to version 2.0.2.

**Name of the Vulnerable Software and Affected Versions** Obfuscate versions 0.0.0 through 2.0.0 **Description** The issue is related to improper neutralization of input during web page generation, which allows for Stored XSS. This means that an attacker can inject malicious scripts into the website, potentially affecting users who access the compromised page. **Recommendations** For Obfuscate versions 0.0.0 through 2.0.0, update to version 2.0.1 or later to resolve the issue.