CVE-2015-5488

Name of the Vulnerable Software and Affected Versions MailChimp module versions 7.x-3.x before 7.x-3.3

Description The issue allows remote authenticated users with the "administer mailchimp" permission to inject arbitrary web script or HTML. This is a cross-site scripting (XSS) vulnerability, which means an attacker can execute malicious scripts on a user's browser, potentially leading to unauthorized actions or data theft.

Recommendations For MailChimp module versions 7.x-3.x before 7.x-3.3, update to version 7.x-3.3 or later to resolve the issue. As a temporary workaround, consider restricting the "administer mailchimp" permission to trusted users only until the update is applied.