Skip to main content

Anti Spam By Cleantalk

2 CVEs product

Monthly

CVE-2026-10770 PHP MEDIUM PATCH This Month

Reflected XSS in the Anti-Spam by CleanTalk Drupal contributed module (versions 0.0.0 through 9.7.1) allows remote unauthenticated attackers to inject and execute malicious JavaScript in a victim's browser by tricking them into visiting a crafted URL. The CVSS Changed scope (S:C) confirms the payload executes in the browser's security context, enabling session theft, credential harvesting, or UI redirection against authenticated Drupal users. No public exploit code and no active exploitation have been identified; EPSS at 0.16% (6th percentile) indicates negligible observed exploitation probability at time of analysis.

XSS Anti Spam By Cleantalk
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2026-3213 PHP MEDIUM PATCH This Month

A Cross-Site Scripting (XSS) vulnerability exists in the Drupal Anti-Spam by CleanTalk module due to improper neutralization of user input during web page generation. All versions from 0.0.0 through 9.6.x are affected, with a patch available in version 9.7.0 or later. Attackers can inject malicious scripts that execute in the context of authenticated users' browsers, potentially leading to session hijacking, credential theft, or defacement of Drupal sites.

XSS Anti Spam By Cleantalk
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Reflected XSS in the Anti-Spam by CleanTalk Drupal contributed module (versions 0.0.0 through 9.7.1) allows remote unauthenticated attackers to inject and execute malicious JavaScript in a victim's browser by tricking them into visiting a crafted URL. The CVSS Changed scope (S:C) confirms the payload executes in the browser's security context, enabling session theft, credential harvesting, or UI redirection against authenticated Drupal users. No public exploit code and no active exploitation have been identified; EPSS at 0.16% (6th percentile) indicates negligible observed exploitation probability at time of analysis.

XSS Anti Spam By Cleantalk
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

A Cross-Site Scripting (XSS) vulnerability exists in the Drupal Anti-Spam by CleanTalk module due to improper neutralization of user input during web page generation. All versions from 0.0.0 through 9.6.x are affected, with a patch available in version 9.7.0 or later. Attackers can inject malicious scripts that execute in the context of authenticated users' browsers, potentially leading to session hijacking, credential theft, or defacement of Drupal sites.

XSS Anti Spam By Cleantalk
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy