The Drupal Security Team have released two advisories, 1. http://drupal.org/files/sa-2007-017/advisory.txt 2. http://drupal.org/files/sa-2007-018/advisory.txt The first details a cross-site request forgery vuln that effects drupal 5.x before 5.2. The second details a XSS vuln that effects drupal 5.x before 5.2 and drupal 4.7.x before 4.7.7
*** This bug has been marked as a duplicate of bug 186884 ***