Looks to me like it is dependent on which version of PHP is being used.&nbsp; Older versions running Drupal might still be vulnerable.&nbsp; Using PHP 4.3.10, I was not able to duplicate any of the example XSS attacks.<br>