Mark Baggett

**Name of the Vulnerable Software and Affected Versions** Drupal MySite module versions 4.7.x before 4.7.x-3.3 Drupal MySite module versions 5.x before 5.x-1.3 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the `Title` field when editing a page. **Recommendations** For Drupal MySite module versions 4.7.x before 4.7.x-3.3, update to version 4.7.x-3.3 or later. For Drupal MySite module versions 5.x before 5.x-1.3, update to version 5.x-1.3 or later.