Posted by chx on January 4, 2006 at 4:15pm
Someone under the pseudonym "Liz0ziM" sent a false security alarm to BugTraq without first contacting the security team:
http://www.securityfocus.com/archive/1/420671/30/0/threaded
This vulnerability is fixed in Drupal 4.5.6, 4.6.4 and onwards. Drupal's new XSS filter mechanism takes care of all vulnerabilities listed on http://ha.ckers.org/xss.html (and even more).
If you have already updated to at least 4.5.6 / 4.6.4 then you are safe and you do not need to take any action. If you have not updated yet, then we advise you again to do so ASAP.