Cross-site scripting (XSS) vulnerability in the Activity module 6.x-1.x for Drupal.
drupal activity 6.x-1.x