2 matches found
CVE-2015-5488
CVE-2015-5488 is a cross-site scripting vulnerability in Drupal’s MailChimp module (significant for the MailChimp Signup submodule) in 7.x-3.x before 7.x-3.3. The issue allows remote authenticated users with the administrator privilege (administer mailchimp) to inject arbitrary script/HTML via un...
CVE-2012-5551
CVE-2012-5551 affects the Drupal MailChimp module (7.x-2.x) prior to 7.x-2.7. The root cause is two XSS vectors: (1) a predictable webhook URL key and (2) improper sanitization of webhook variables coming from POST requests. This allows remote attackers to inject arbitrary scripts/HTML. Impact is...