Howdy,
I use Sitelock on one of the servers where I have a few Atahualpa installations. Just this week they started alerting me with a security message which seems connected to Atahualpa code. Not sure if it's legit or if they're just trying to get me to upgrade. :/
But here's what they're saying:
Severity: Medium
Category: xss
Summary: Atahualpa Theme - Authenticated Cross-Site Scripting (XSS)
Description: Providing any of the following fields with a string such as: "><script>alert(1);</script> results in the script element getting appended after the respective input element when the request returns from the server: "comment_feed_link", "home_cat_menu_bar", "email_subscribe_link", "home_single_next_prev", "email_subscribe_link_title", "feedburner_email_id", "excerpt_length", "page_menu_bar_link_color", "cat_menu_bar_background_color_parent", "cat_menu_bar_link_color", "left_col_pages_exclude", "widget_lists link-hover-color", "left_col2_cats_exclude".
The solution to this issue is to encode as HTML all the user-provided parameters before they are returned to the browser.
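The behaviour the alert describes and the fix it recommends, as an added example that is not part of the original post, the SiteLock alert, or Atahualpa's own code. The function names are hypothetical; the field names and the test string are the ones quoted in the alert, and the markup is parsed with PHP's DOM extension to show whether the value stays inside the input element.

```php
<?php
// Added illustration, not Atahualpa's code. Function names are hypothetical;
// the field names and the test string are the ones quoted in the alert.

// "Before": the saved option is concatenated straight into the value attribute.
function render_field_unsafe(string $name, string $value): string
{
    return '<input type="text" name="' . $name . '" value="' . $value . '">';
}

// "After": both strings are HTML-encoded for a quoted attribute context.
function render_field_encoded(string $name, string $value): string
{
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;
    return '<input type="text" name="' . htmlspecialchars($name, $flags, 'UTF-8')
        . '" value="' . htmlspecialchars($value, $flags, 'UTF-8') . '">';
}

// Parse the markup with an HTML parser and report (a) how many <script>
// elements exist and (b) whether the input still holds the original value.
function inspect_markup(string $html, string $expected): array
{
    libxml_use_internal_errors(true);   // tolerate non-XML HTML quietly
    $doc = new DOMDocument();
    $doc->loadHTML('<!DOCTYPE html><html><body>' . $html . '</body></html>');
    libxml_clear_errors();
    $input = $doc->getElementsByTagName('input')->item(0);
    return [
        $doc->getElementsByTagName('script')->length,
        $input !== null && $input->getAttribute('value') === $expected,
    ];
}

$fields = [
    'comment_feed_link' => '"><script>alert(1);</script>', // string from the alert
    'excerpt_length'    => '55',                            // constructed benign value
];

foreach ($fields as $name => $value) {
    foreach (['render_field_unsafe', 'render_field_encoded'] as $render) {
        [$scripts, $intact] = inspect_markup($render($name, $value), $value);
        printf("%-17s %-20s script_elements=%d value_intact=%s\n",
            $name, $render, $scripts, $intact ? 'yes' : 'no');
    }
}
```

Inside a WordPress theme, `esc_attr()` is the usual function for encoding a value printed into an HTML attribute.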