DRUPAL-SA-2006-024 - Drupal core - Multiple cross site scripting vulnerabilities

Multiple XSS cross site scripting vulnerabilities have been discovered. A bug in input validation and lack of output validation allows HTML and script insertion on several pages. Drupal's XML parser passes unescaped data to watchdog under certain circumstances. A malicious user may execute an XSS...