Cross-site scripting (XSS) vulnerability in the Submitted By module 6.x before 6.x-1.3 for Drupal allows remote authenticated users, with โadminister content typesโ privileges, to inject arbitrary web script or HTML via an input string for โsubmitted byโ text.