DRUPAL-CONTRIB-2026-014

Import Source
https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/cleantalk/DRUPAL-CONTRIB-2026-014.json
JSON Data
https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2026-014
Aliases
  • CVE-2026-3213
Published
2026-02-25T18:46:10Z
Modified
2026-02-25T19:44:39.051432Z
Summary
[none]
Details

This module enables you to block bots by Firewall.

The module doesn't sufficiently sanitize user input, leading to a reflected cross-site scripting (XSS) vulnerability.

This vulnerability is mitigated by the fact that the vulnerable functionality is only presented to users that are "challenged" or blocked by the firewall.

References
Credits

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/cleantalk

Package

Name
drupal/cleantalk
Purl
pkg:composer/drupal/cleantalk

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
9.7.0
Database specific
{
    "constraint": "<9.7.0"
}

Database specific

source
"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/cleantalk/DRUPAL-CONTRIB-2026-014.json"
affected_versions
"<9.7.0"