CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2012-5551

Multiple cross-site scripting (XSS) vulnerabilities in the MailChimp module 7.x-2.x before 7.x-2.7 for Drupal allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) a predictable "webhook URL key" and (2) improper sanitization of "Webhook variables from POST requests."

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 51.6%

CVSS Severity

CVSS v2 Score 4.3

References

Products affected by CVE-2012-5551

Drupal » Drupal » Version: N/A

cpe:2.3:a:drupal:drupal:-
Thinkshout » Mailchimp » Version: 7.x-2.0

cpe:2.3:a:thinkshout:mailchimp:7.x-2.0
Thinkshout » Mailchimp » Version: 7.x-2.1

cpe:2.3:a:thinkshout:mailchimp:7.x-2.1
Thinkshout » Mailchimp » Version: 7.x-2.2

cpe:2.3:a:thinkshout:mailchimp:7.x-2.2
Thinkshout » Mailchimp » Version: 7.x-2.3

cpe:2.3:a:thinkshout:mailchimp:7.x-2.3
Thinkshout » Mailchimp » Version: 7.x-2.4

cpe:2.3:a:thinkshout:mailchimp:7.x-2.4
Thinkshout » Mailchimp » Version: 7.x-2.5

cpe:2.3:a:thinkshout:mailchimp:7.x-2.5
Thinkshout » Mailchimp » Version: 7.x-2.6

cpe:2.3:a:thinkshout:mailchimp:7.x-2.6
Thinkshout » Mailchimp » Version: 7.x-2.x

cpe:2.3:a:thinkshout:mailchimp:7.x-2.x

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2012-5551

Products

Pricing

Contact Us