source: https://www.securityfocus.com/bid/38545/info Drupal is prone to multiple vulnerabilities, including cross-site scripting issues, a phishing issue, and a security-bypass issue. An attacker may leverage these issues to execute arbitrary code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, bypass security restrictions, or perform other attacks. These issues affect the following: Drupal 5.x prior to 5.22 Drupal 6.x prior to 6.16 The following example URI is available for the redirect issue: http://www.example.com/drupal-6.16/index.php?q=http://www.example.net