Vulnerable Systems:
* Drupal Campaign Monitor Module HTML Injection Vulnerability
Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible.
Campaign Monitor 6.x-2.x versions prior to 6.x-2.5 are vulnerable.
Vendor Status:
Currently we are not aware of any vendor-supplied patches