Multiple vulnerabilities in Drupal 6.x before version 6.16 and Drupal
5.x before version 5.22 have been fixed in the latest release. These
* Installation cross site scripting
* Open redirection
* Locale module cross site scripting
* Blocked user session regeneration
Priority 4: This vulnerability has a lower probability of exploitation,
but should still be mitigated.
Severity 3: This vulnerability poses high risk within a group/school. It
does not pose a risk of contaminating other groups/schools.
This article also has the following advice:
"Drupal 5 will no longer be maintained when Drupal 7 is released.
Upgrading to Drupal 6 is recommended."
It is recommended that these versions of Drupal be scheduled for patching.