Be sure to audit your configuration for what untrusted visitors (such as anonymous users) are allowed to do. If they are allowed to use the Full HTML input format, then your site is vulnerable to XSS.
Read the blog post at drupalscout.com/knowledge-base/anything-you-can-do-xss-can-do-better