Update your Drupal core to fix security issue in error messages

Drupal 6.22 was released today! This minor release includes security fixes and bug fixes to make your Drupal site more secure and reliable.

One of the fixed security issues is a recently discovered vulnerability in Drupal's error handler. Drupal displays PHP errors in the messages area, and a specially crafted URL can cause malicious scripts to be injected into the message. This issue can be mitigated by disabling on-screen error display at /admin/settings/error-reporting.

So until you have time to update your Drupal core, you can correct this security issue with 2 easy steps:
1. Go to /admin/settings/error-reporting
2. Set error reporting to "Write errors to the log"

Note: This is the recommended setting for production websites.
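
To confirm the setting on several Drupal 6 sites without opening each admin page, the added example below (not part of the original post or of Drupal itself) audits rows exported from each site's `variable` table. It assumes Drupal 6 keeps this setting in the `error_level` variable (0 = log only, 1 = log and screen, unset defaults to 1) and that a `$conf['error_level']` entry in settings.php overrides the database value; the site names and rows are constructed sample data.

```python
import re

# Assumption from Drupal 6 core: variable_get('error_level', 1)
# 0 = write errors to the log, 1 = write errors to the log and to the screen.
LOG_ONLY, LOG_AND_SCREEN = 0, 1
DEFAULT_ERROR_LEVEL = LOG_AND_SCREEN  # a site that never saved the form shows errors

# The variable table holds PHP-serialized values: i:0; or s:1:"0"; (form saves strings).
_SERIALIZED_SCALAR = re.compile(r'^(?:i:(-?\d+);|s:\d+:"(-?\d+)";)$')

def parse_error_level(serialized):
    """Decode a PHP-serialized integer or numeric string."""
    m = _SERIALIZED_SCALAR.match(serialized.strip())
    if not m:
        raise ValueError(f"unexpected serialized value: {serialized!r}")
    return int(m.group(1) if m.group(1) is not None else m.group(2))

def effective_error_level(variable_rows, conf_override=None):
    """Resolve the value Drupal would use: settings.php override, then DB, then default."""
    if conf_override is not None:
        return int(conf_override)
    for name, value in variable_rows:
        if name == "error_level":
            return parse_error_level(value)
    return DEFAULT_ERROR_LEVEL

def audit(sites):
    """Map each site to a finding string; unparseable rows are flagged for review."""
    findings = {}
    for site, (rows, override) in sites.items():
        try:
            level = effective_error_level(rows, override)
        except ValueError as exc:
            findings[site] = f"REVIEW: {exc}"
            continue
        findings[site] = "ok: log only" if level == LOG_ONLY else "FIX: errors shown on screen"
    return findings

# Constructed sample data: (rows from the variable table, settings.php override or None)
SAMPLE_SITES = {
    "site-a": ([("site_name", 's:6:"Site A";'), ("error_level", 's:1:"0";')], None),
    "site-b": ([("error_level", "i:1;")], None),
    "site-c": ([("site_name", 's:6:"Site C";')], None),  # setting never saved
    "site-d": ([("error_level", 's:1:"1";')], 0),         # overridden in settings.php
}

if __name__ == "__main__":
    for site, finding in audit(SAMPLE_SITES).items():
        print(f"{site}: {finding}")
```

Note that a site where the form was never saved (site-c) is reported as needing the fix, because the default displays errors on screen.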