- 4.7.20 and earlier
- 4.6.28 and earlier
In CiviContribute forms which combine the "On Behalf Of" feature with "Organization" records, some data was not properly escaped.
Upgrade to the latest version of CiviCRM
If you cannot upgrade then apply the following patch
Alan Dixon of Blackfly Solutions for reporting and fixing the issue