Cross site scripting

2015-08-1817:59:00

PRIOn knowledge base

www.prio-n.com

5.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.6%

JSON

Cross-site scripting (XSS) vulnerability in the MailChimp Signup submodule in the MailChimp module 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the “administer mailchimp” permission to inject arbitrary web script or HTML via unspecified vectors.

CPENameOperatorVersion
mailchimpeq7.120.30
mailchimpeq7.120.31
mailchimpeq7.120.32
mailchimpeq7.x-3.0 alpha1
mailchimpeq7.x-3.0 beta1

Name	Operator	Version
mailchimp	eq	7.120.30
mailchimp	eq	7.120.31
mailchimp	eq	7.120.32
mailchimp	eq	7.x-3.0 alpha1
mailchimp	eq	7.x-3.0 beta1

References

www.openwall.com/lists/oss-security/2015/07/04/4

www.drupal.org/node/2480173

www.drupal.org/node/2480253