Cross-site scripting (XSS) vulnerability in Drupal 5.x before 5.12 and 6.x before 6.6 allows remote authenticated users with create book content or edit node book hierarchy permissions to inject arbitrary web script or HTML via the book page title.
drupal.org/node/324824
secunia.com/advisories/32297
secunia.com/advisories/32441
www.securityfocus.com/bid/31882
www.vupen.com/english/advisories/2008/2913
exchange.xforce.ibmcloud.com/vulnerabilities/46052
www.redhat.com/archives/fedora-package-announce/2008-October/msg00783.html
www.redhat.com/archives/fedora-package-announce/2008-October/msg00826.html