Drupal DRUPAL-SA-CORE-2010-002 Multiple Remote Vulnerabilities
Drupal is prone to multiple remote vulnerabilities, including multiple security-bypass vulnerabilities and an HTML-injection vulnerability.
An attacker can exploit this issue to gain unauthorized access to the affected application, gain access to sensitive information, execute arbitrary script code, steal cookie-based authentication credentials. Other attacks are also possible.
The following versions are affected:
5.x prior to 5.23
6.x prior to 6.18