CVE-2012-5551

Name of the Vulnerable Software and Affected Versions MailChimp module versions 7.x-2.x before 7.x-2.7 for Drupal

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. The attack vectors are related to a predictable "webhook URL key" and improper sanitization of Webhook variables from POST requests.

Recommendations For MailChimp module versions 7.x-2.x before 7.x-2.7, update to version 7.x-2.7 or later to resolve the issue.