Drupal is prone to multiple vulnerabilities, including cross-site scripting issues, a phishing issue, and a security-bypass issue.
An attacker may leverage these issues to execute arbitrary code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, bypass security restrictions, or perform other attacks.
These issues affect the following:
Drupal 5.x prior to 5.22
Drupal 6.x prior to 6.16
The following example URI is available for the redirect issue: