A "moderately critical" ECMAScript/JavaScript vulnerability in Drupal has been fixed in the latest release, version 6.1. All users of the 6.0 version of Drupal are encouraged to patch their current installations or install the complete version 6.1 files.

A potential cross-site scripting (XSS) vulnerability (SA-2008-018) existed in the handling of titles on content edit forms. A JavaScript function used to escape text wasn't working correctly, and is fixed in the latest version.

The legacy 5.x line of Drupal remains at version 5.7, and is not affected by this vulnerability.

Drupal 6.1 is available for download from the main Drupal website.