- 4.7.20 and earlier
- 4.6.28 and earlier
In the "Recently Viewed" block, the title field of the hyperlink was not properly escaped.
Upgrade to the latest CiviCRM version
If you cannot upgrade you should apply the following patch:
Chris Burgess of Fuzion Aotearoa for reporting the issue
Sean Madsen for fixing the issue