2 results (0.007 seconds)

CVSS: 2.1EPSS: 0%CPEs: 5EXPL: 0

Cross-site scripting (XSS) vulnerability in the MailChimp Signup submodule in the MailChimp module 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the "administer mailchimp" permission to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en el submódulo MailChimp Signup en el módulo MailChimp 7.x-3.x en versiones anteriores a 7.x-3.3 para Drupal, permite a usuarios remotos autenticados con el permiso 'administer mailchimp' inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://www.openwall.com/lists/oss-security/2015/07/04/4 https://www.drupal.org/node/2480173 https://www.drupal.org/node/2480253 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 14EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in the MailChimp module 7.x-2.x before 7.x-2.7 for Drupal allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) a predictable "webhook URL key" and (2) improper sanitization of "Webhook variables from POST requests." Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo MailChimp v7.x-2.x antes de v7.x-2.7 para Drupal permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores relacionados con (1) una "clave URL webhook" predecible y (2) saneamiento incorrecto de "variables Webhook de peticiones POST. • http://drupal.org/node/1821330 http://drupal.org/node/1822166 http://www.openwall.com/lists/oss-security/2012/11/20/4 http://www.securityfocus.com/bid/56234 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •