CVE-2026-3213
Published 2026-03-25
CVE-2026-3213: Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Anti-Spam by CleanTalk allows Cross-Site Scripting…
Priority: P420, medium, 4.7 (CVSS 3.1)
AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.17% (6.8th percentile)
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Anti-Spam by CleanTalk allows Cross-Site Scripting (XSS). This issue affects Anti-Spam by CleanTalk: from 0.0.0 before 9.7.0.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cleantalk | anti-spam | < 9.7.0 | 9.7.0 |
| drupal | anti-spam_by_cleantalk | >= 0.0.0 < 9.7.0 | 9.7.0 |
| drupal | cleantalk | >= 0 < 9.7.0 | 9.7.0 |
| drupal | drupal | — | — |
GHSA
GHSA-65g6-ww7v-9mhx: Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Anti-Spam by CleanTalk allows Cross-Site
ghsa_unreviewed · 2026-03-25
CVE-2026-3213 [MEDIUM] CWE-79 GHSA-65g6-ww7v-9mhx: Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Anti-Spam by CleanTalk allows Cross-Site
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Anti-Spam by CleanTalk allows Cross-Site Scripting (XSS). This issue affects Anti-Spam by CleanTalk: from 0.0.0 before 9.7.0.
OSV
CVE-2026-3213: This module enables you to block bots by Firewall
osv · 2026-02-25
This module enables you to block bots by Firewall.
The module doesn't sufficiently sanitize user input leading to a reflected Cross-site scripting (XSS) vulnerability.
This vulnerability is mitigated by the fact that the vulnerable functionality is only presented to users that are "challenged" or blocked by the firewall.
Drupal
Anti-Spam by CleanTalk - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-014
vendor_drupal · 2026-02-25
CVE-2026-3213 [MEDIUM] Anti-Spam by CleanTalk - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-014
Title: Anti-Spam by CleanTalk - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-014
Vulnerability Type: Cross-site scripting
Description: This module enables you to block bots by Firewall. The module doesn't sufficiently sanitize user input leading to a reflected Cross-site scripting (XSS) vulnerability. This vulnerability is mitigated by the fact that the vulnerable functionality is only presented to users that are "challenged" or blocked by the firewall.
Solution: Install the latest version: If you use the Anti-Spam by CleanTalk module for Drupal, upgrade to Anti-Spam by CleanTalk 9.7.0.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2026-03-25