The Drupal team has just released a whole heap of security advisories. Drupal's Email Input Filter, Keys and Tag Order modules all contain security vulnerabilities. Updated versions, in which the problems are fixed, are now available. Only Email Input Filter and Tag Order for Drupal 5 and 6 and Keys for Drupal 6 are affected.
The Drupal security team classifies the vulnerability in the Email Input Filter as critical, as it allows code to injected and executed on a server. Administrators who are affected by the problem should update to version 6.x-1.1 as soon as possible. The vulnerabilities in the Tag Order and Keys modules allow cross-site scripting and cross-site request forgeries respectively, meaning that attacks are directed against users rather than the server. Administrators should therefore also fix these vulnerabilities by installing the updates.

The link for this article located at H Security is no longer available.