CVE-2012-5551
CVE-2012-5551 affects the Drupal MailChimp module (7.x-2.x) prior to 7.x-2.7. The root cause is two XSS vectors: (1) a predictable webhook URL key and (2) improper sanitization of webhook variables coming from POST requests. This allows remote attackers to inject arbitrary scripts/HTML. Impact is...
SA-CONTRIB-2012-158 - MailChimp - Cross Site Scripting (XSS)
This module provides integration with the MailChimp email delivery service. There are two issues with the webhook processing, which is exposed as an API in mailchimp.module and used by mailchimplists.module to update subscriber information. The webhook URL key can be trivially calculated. Webhook...