{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3213", "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387", "state": "PUBLISHED", "assignerShortName": "drupal", "dateReserved": "2026-02-25T16:59:28.345Z", "datePublished": "2026-03-25T15:22:26.583Z", "dateUpdated": "2026-03-26T14:47:06.325Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "2c85b837-eb8b-40ed-9d74-228c62987387", "shortName": "drupal", "dateUpdated": "2026-03-25T15:22:26.583Z"}, "title": "Anti-Spam by CleanTalk - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-014", "datePublic": "2026-02-25T18:46:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\"Cross-site Scripting\")", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-63", "descriptions": [{"lang": "en", "value": "CAPEC-63 Cross-Site Scripting (XSS)"}]}], "affected": [{"vendor": "Drupal", "product": "Anti-Spam by CleanTalk", "collectionURL": "https://www.drupal.org/project/cleantalk", "repo": "https://git.drupalcode.org/project/cleantalk", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "9.7.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (\"Cross-site Scripting\") vulnerability in Drupal Anti-Spam by CleanTalk allows Cross-Site Scripting (XSS).This issue affects Anti-Spam by CleanTalk: from 0.0.0 before 9.7.0.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Improper Neutralization of Input During Web Page Generation (\"Cross-site Scripting\") vulnerability in Drupal Anti-Spam by CleanTalk allows Cross-Site Scripting (XSS).<p>This issue affects Anti-Spam by CleanTalk: from 0.0.0 before 9.7.0.</p>"}]}], "references": [{"url": "https://www.drupal.org/sa-contrib-2026-014"}], "credits": [{"lang": "en", "value": "Drew Webber (mcdruid)", "type": "finder"}, {"lang": "en", "value": "glomberg", "type": "remediation developer"}, {"lang": "en", "value": "Drew Webber (mcdruid)", "type": "remediation developer"}, {"lang": "en", "value": "sergefcleantalk", "type": "remediation developer"}, {"lang": "en", "value": "Damien McKenna (damienmckenna)", "type": "coordinator"}, {"lang": "en", "value": "Greg Knaddison (greggles)", "type": "coordinator"}, {"lang": "en", "value": "Drew Webber (mcdruid)", "type": "coordinator"}, {"lang": "en", "value": "Juraj Nemec (poker10)", "type": "coordinator"}, {"lang": "en", "value": "Jess (xjm)", "type": "coordinator"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-25T20:00:32.267862Z", "id": "CVE-2026-3213", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T14:47:06.325Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-3213", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-25T20:00:32.267862Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-25T20:00:44.387Z"}}], "cna": {"title": "Anti-Spam by CleanTalk - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-014", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Drew Webber (mcdruid)"}, {"lang": "en", "type": "remediation developer", "value": "glomberg"}, {"lang": "en", "type": "remediation developer", "value": "Drew Webber (mcdruid)"}, {"lang": "en", "type": "remediation developer", "value": "sergefcleantalk"}, {"lang": "en", "type": "coordinator", "value": "Damien McKenna (damienmckenna)"}, {"lang": "en", "type": "coordinator", "value": "Greg Knaddison (greggles)"}, {"lang": "en", "type": "coordinator", "value": "Drew Webber (mcdruid)"}, {"lang": "en", "type": "coordinator", "value": "Juraj Nemec (poker10)"}, {"lang": "en", "type": "coordinator", "value": "Jess (xjm)"}], "impacts": [{"capecId": "CAPEC-63", "descriptions": [{"lang": "en", "value": "CAPEC-63 Cross-Site Scripting (XSS)"}]}], "affected": [{"repo": "https://git.drupalcode.org/project/cleantalk", "vendor": "Drupal", "product": "Anti-Spam by CleanTalk", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "9.7.0", "versionType": "semver"}], "collectionURL": "https://www.drupal.org/project/cleantalk", "defaultStatus": "unaffected"}], "datePublic": "2026-02-25T18:46:00.000Z", "references": [{"url": "https://www.drupal.org/sa-contrib-2026-014"}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (\"Cross-site Scripting\") vulnerability in Drupal Anti-Spam by CleanTalk allows Cross-Site Scripting (XSS).This issue affects Anti-Spam by CleanTalk: from 0.0.0 before 9.7.0.", "supportingMedia": [{"type": "text/html", "value": "Improper Neutralization of Input During Web Page Generation (\"Cross-site Scripting\") vulnerability in Drupal Anti-Spam by CleanTalk allows Cross-Site Scripting (XSS).<p>This issue affects Anti-Spam by CleanTalk: from 0.0.0 before 9.7.0.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\"Cross-site Scripting\")"}]}], "providerMetadata": {"orgId": "2c85b837-eb8b-40ed-9d74-228c62987387", "shortName": "drupal", "dateUpdated": "2026-03-25T15:22:26.583Z"}}}, "cveMetadata": {"cveId": "CVE-2026-3213", "state": "PUBLISHED", "dateUpdated": "2026-03-26T14:47:06.325Z", "dateReserved": "2026-02-25T16:59:28.345Z", "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387", "datePublished": "2026-03-25T15:22:26.583Z", "assignerShortName": "drupal"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cleantalk:anti-spam:*:*:*:*:*:drupal:*:*", "matchCriteriaId": "590CAE7E-2151-4B43-AD6F-6A65548485B6", "versionEndExcluding": "9.7.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (\"Cross-site Scripting\") vulnerability in Drupal Anti-Spam by CleanTalk allows Cross-Site Scripting (XSS).This issue affects Anti-Spam by CleanTalk: from 0.0.0 before 9.7.0."}, {"lang": "es", "value": "Neutralizaci\u00f3n Incorrecta de la Entrada Durante la Generaci\u00f3n de P\u00e1ginas Web ('cross-site scripting') vulnerabilidad en Drupal Anti-Spam de CleanTalk permite cross-site scripting (XSS). Este problema afecta a Anti-Spam de CleanTalk: desde 0.0.0 hasta antes de 9.7.0."}], "id": "CVE-2026-3213", "lastModified": "2026-03-31T19:24:13.407", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 2.7, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-25T16:16:22.357", "references": [{"source": "mlhess@drupal.org", "tags": ["Vendor Advisory"], "url": "https://www.drupal.org/sa-contrib-2026-014"}], "sourceIdentifier": "mlhess@drupal.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "mlhess@drupal.org", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0.0.0,9.7.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Anti-Spam by CleanTalk", "source": "cna", "vendor": "Drupal"}, "product": "anti-spam_by_cleantalk", "vendor": "drupal"}], "analysis": {"en": {"generated_at": "2026-04-01T07:09:50.920755+00:00", "value": {"mitigation_remediation": ["Upgrade the Anti\u2011Spam by CleanTalk module to version 9.7.0 or later, which contains the XSS fix.", "Verify that the upgraded package includes the patch by reviewing the module\u2019s release notes or changelog.", "If an immediate upgrade is not possible, temporarily disable the module or restrict its use to trusted users and functions.", "Deploy web\u2011application firewall rules that block typical XSS payloads in user input.", "Monitor site logs and user activity for signs of script injection or anomalous behavior."], "summary": {"action": "Apply Patch", "impact": "Cross\u2011Site Scripting"}, "threat_synthesis": {"affected_systems": "The vulnerability affects every released copy of the Anti\u2011Spam by CleanTalk module from its inception at version 0.0.0 up through, but excluding, 9.7.0. Any Drupal installation that has the module enabled and has not applied the 9.7.0 update is susceptible.", "description_and_impact": "Improper neutralization of input during web page generation in the Drupal Anti\u2011Spam by CleanTalk module lets an attacker inject malicious JavaScript into pages rendered for site users. The injected script runs in victims\u2019 browsers, potentially allowing an attacker to steal session cookies, execute arbitrary client\u2011side code, or deface page content. This flaw does not provide persistent server\u2011side code execution or direct control of the Drupal core, but it can compromise the confidentiality and integrity of user data and degrade the user experience.", "risk_and_exploitability": "The CVSS base score of 4.7 classifies this issue as Medium severity, while the EPSS score of less than 1% indicates a low likelihood of automated exploitation. The vulnerability is not listed in the CISA KEV catalog, suggesting that no widespread exploitation has been documented. Attackers can exploit the flaw by submitting crafted payloads through any input field handled by the module, requiring only normal web access and no privileged credentials. Successful exploitation would result in client\u2011side script execution for users who view the affected page."}}}}, "created": "2026-03-25T21:48:03.078833+00:00", "updated": "2026-04-02T07:59:12.849178+00:00", "vendors": ["drupal", "drupal$PRODUCT$anti-spam_by_cleantalk"]}