CVE-2012-5551

MailChimp module <7.x-2.7 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in the MailChimp module 7.x-2.x before 7.x-2.7 for Drupal allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) a predictable "webhook URL key" and (2) improper sanitization of "Webhook variables from POST requests."

References (4)

Scores

EPSS 0.0029
EPSS Percentile 51.7%

Details

CWE
CWE-79
Status published
Products (14)
thinkshout/mailchimp
thinkshout/mailchimp
thinkshout/mailchimp
thinkshout/mailchimp
thinkshout/mailchimp
thinkshout/mailchimp
thinkshout/mailchimp
thinkshout/mailchimp
thinkshout/mailchimp
thinkshout/mailchimp
... and 4 more
Published Dec 03, 2012
Tracked Since Feb 18, 2026