Pathauto cross site scripting vulnerability

It is possible for a malicious user to execute XSS Cross Site Scripting by enticing a victim to click on a specially crafted link. This may lead to administrator access if certain conditions are met. Learn more about XSS on Wikipedia. Versions affected Please check the CVS $Id$ fields in the file...

DRUPAL-SA-2006-015: Multiple vulnerabilities in Bibliography

Unescaped input is used directly in queries, allowing malicious users to execute SQL injection attacks. This may result in administrator access. It is also possible for a malicious user to insert and execute XSS Cross Site Scripting, due to lack of validation on output. This may lead to...