The Views module provides a flexible method for Drupal site
designers to control how lists and tables of content are
presented. Under certain circumstances, Views could display
parts of the page path without escaping, resulting in a
relected Cross Site Scripting (XSS) vulnerability. An attacker
could exploit this to gain full administrative access.
Mitigating factors: This vulnerability only occurs with a
specific combination of configuration options for a specific
View, but this combination is used in the default Views
provided by some additional modules. A malicious user would
need to get an authenticated administrative user to visit a
specially crafted URL.