3 results (0.003 seconds)

CVSS: 2.1EPSS: 0%CPEs: 5EXPL: 0

Cross-site scripting (XSS) vulnerability in the MailChimp Signup submodule in the MailChimp module 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the "administer mailchimp" permission to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en el submódulo MailChimp Signup en el módulo MailChimp 7.x-3.x en versiones anteriores a 7.x-3.3 para Drupal, permite a usuarios remotos autenticados con el permiso 'administer mailchimp' inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://www.openwall.com/lists/oss-security/2015/07/04/4 https://www.drupal.org/node/2480173 https://www.drupal.org/node/2480253 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.0EPSS: 0%CPEs: 6EXPL: 0

The Mandrill module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users to obtain password reset links by reading the logs in the Mandrill dashboard. El módulo Mandrill v7.x-1.x antes de v7.x-1.2 para Drupal permite a usuarios autenticados remotamente obtener enlaces de reinicio de contrañseña mediante la lectura de registros en el Mandrill dashboard. • http://drupal.org/node/1807894 http://drupal.org/node/1808846 http://www.openwall.com/lists/oss-security/2012/11/20/4 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.3EPSS: 0%CPEs: 14EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in the MailChimp module 7.x-2.x before 7.x-2.7 for Drupal allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) a predictable "webhook URL key" and (2) improper sanitization of "Webhook variables from POST requests." Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo MailChimp v7.x-2.x antes de v7.x-2.7 para Drupal permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores relacionados con (1) una "clave URL webhook" predecible y (2) saneamiento incorrecto de "variables Webhook de peticiones POST. • http://drupal.org/node/1821330 http://drupal.org/node/1822166 http://www.openwall.com/lists/oss-security/2012/11/20/4 http://www.securityfocus.com/bid/56234 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •