PT-2026-22085 · Drupal+2 · Cleantalk Antispam+2
Damien Mckenna
+6
·
Published
2026-02-25
·
Updated
2026-03-30
·
CVE-2026-3213
CVSS v3.1
4.7
Medium
| Vector | AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Drupal Anti-Spam by CleanTalk versions prior to 9.7.0
Description
The software contains a flaw related to improper handling of user-supplied data during web page creation, which could allow for Cross-Site Scripting (XSS) attacks. The issue exists because the software does not adequately sanitize user input. The vulnerability is limited in scope as it only affects users who are challenged or blocked by the firewall.
Recommendations
Update to version 9.7.0 or later.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cleantalk Antispam
Anti-Spam
Drupal/Cleantalk