CVE-2026-3213 PUBLISHED

Anti-Spam by CleanTalk - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-014

Assigner: drupal
Reserved: 25.02.2026 Published: 25.03.2026 Updated: 25.03.2026

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Anti-Spam by CleanTalk allows Cross-Site Scripting (XSS).This issue affects Anti-Spam by CleanTalk: from 0.0.0 before 9.7.0.

Product Status

Vendor	Drupal
Product	Anti-Spam by CleanTalk
Versions	Default: unaffected affected from 0.0.0 to 9.7.0 (excl.)

Credits

Drew Webber (mcdruid) finder
glomberg remediation developer
Drew Webber (mcdruid) remediation developer
sergefcleantalk remediation developer
Damien McKenna (damienmckenna) coordinator
Greg Knaddison (greggles) coordinator
Drew Webber (mcdruid) coordinator
Juraj Nemec (poker10) coordinator
Jess (xjm) coordinator

References

https://www.drupal.org/sa-contrib-2026-014

Problem Types

CWE-79 Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") CWE

Impacts

CAPEC-63 Cross-Site Scripting (XSS)