cbcvebase.
CVE-2026-3213
published 2026-03-25

CVE-2026-3213: Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Anti-Spam by CleanTalk allows Cross-Site Scripting…

PriorityP420medium4.7CVSS 3.1
AVNACHPRNUIRSCCLILAN
EPSS
0.17%
6.8th percentile
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Anti-Spam by CleanTalk allows Cross-Site Scripting (XSS).This issue affects Anti-Spam by CleanTalk: from 0.0.0 before 9.7.0.

Affected

4 ranges
VendorProductVersion rangeFixed in
cleantalkanti-spam< 9.7.09.7.0
drupalanti-spam_by_cleantalk>= 0.0.0 < 9.7.09.7.0
drupalcleantalk>= 0 < 9.7.09.7.0
drupaldrupal
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.