Vulnerabilities (CVE)

Filtered by vendor Thinkshout Subscribe
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-5488 1 Thinkshout 1 Mailchimp 2024-11-21 2.1 LOW N/A
Cross-site scripting (XSS) vulnerability in the MailChimp Signup submodule in the MailChimp module 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the "administer mailchimp" permission to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-5551 2 Drupal, Thinkshout 2 Drupal, Mailchimp 2024-11-21 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the MailChimp module 7.x-2.x before 7.x-2.7 for Drupal allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) a predictable "webhook URL key" and (2) improper sanitization of "Webhook variables from POST requests."
CVE-2012-5544 2 Drupal, Thinkshout 2 Drupal, Mandrill 2024-11-21 4.0 MEDIUM N/A
The Mandrill module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users to obtain password reset links by reading the logs in the Mandrill dashboard.