MEDIUM🇵🇱 Wersja polska

CVE-2026-3213

CVSS 4.7v3.1pub. 2026-03-25upd. 2026-03-31

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Anti-Spam by CleanTalk allows Cross-Site Scripting (XSS).This issue affects Anti-Spam by CleanTalk: from 0.0.0 before 9.7.0.

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
  • Cleantalk Anti Spam

    APP
    Cleantalk
    < 9.7.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
XSS
CWE
References

Related vulnerabilities

CVE-2024-10542CRITICAL9.8PL ✓ten sam produkt

CleanTalk Anti-Spam: nieautoryzowana instalacja wtyczek przez bypass autoryzacji

CVE-2021-24131HIGH7.2ten sam produkt

Unvalidated input in the Anti-Spam by CleanTalk WordPress plugin, versions before 5.149, lead to multiple auth...

CVE-2023-51696MEDIUM4.3ten sam produkt

Cross-Site Request Forgery (CSRF) vulnerability in СleanTalk - Anti-Spam Protection Spam protection, Anti-Spam...

CVE-2024-13365CRITICAL9.8PL ✓ten sam vendor

Nieuwierzytelniony upload plików w pluginie CleanTalk Security & Malware Scan dla WordPress

CVE-2024-10781HIGH8.1ten sam vendor

The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbit...