"Ricochet was very impressive with their knowledge, abilities and professionalism. We never ran into a technological roadblock or problem that couldn't be solved. They were able to offer new, cutting-edge solutions around every corner, and they were fantastic about staying in communication. It seemed like we were always able to get ahold of someone, whether it was Tuesday at 1am or Saturday at 7am, someone was quick to respond and help address an emergency or even a simple inquiry. Truly professional service, and quality work.
—Jacob Sowinski, Blue Canvas

Anti-Spam by CleanTalk - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-014

Wed, 2026-02-25 10:46 — Anonymous (not verified)

Project: Anti-Spam by CleanTalkDate: 2026-February-25Security risk: Moderately critical 13 ∕ 25 AC:Complex/A:None/CI:Some/II:Some/E:Theoretical/TD:UncommonVulnerability: Cross-site scriptingAffected versions: <9.7.0CVE IDs: CVE-2026-3213Description: This module enables you to block bots by Firewall.
The module doesn't sufficiently sanitize user input leading to a reflected Cross-site scripting (XSS) vulnerability.
This vulnerability is mitigated by the fact that the vulnerable functionality is only presented to users that are "challenged" or blocked by the firewall.Solution: Install the latest version:

If you use the Anti-Spam by CleanTalk module for Drupal, upgrade to Anti-Spam by CleanTalk 9.7.0.

Reported By:

Drew Webber (mcdruid) of the Drupal Security Team

Fixed By:

glomberg
Drew Webber (mcdruid) of the Drupal Security Team
sergefcleantalk

Coordinated By:

Damien McKenna (damienmckenna) of the Drupal Security Team
Greg Knaddison (greggles) of the Drupal Security Team
Drew Webber (mcdruid) of the Drupal Security Team
Juraj Nemec (poker10) of the Drupal Security Team
Jess (xjm) of the Drupal Security Team

Path to article https://www.drupal.org/sa-contrib-2026-014

Search form

Anti-Spam by CleanTalk - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-014