Several vulnerabilities were reported in Drupal. A remote authenticated user can modify comment visibility settings. A remote authenticated user can obtain the configuration file. A remote user can conduct cross-site scripting attacks.
Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of system information, Modification of user information