diff --git a/common/contrib/autologout/SA-CONTRIB-2017-081.patch b/common/contrib/autologout/SA-CONTRIB-2017-081.patch
new file mode 100644
index 0000000000000000000000000000000000000000..062d0f0d873df1c0e0d154600145fdd122e1aae2
--- /dev/null
+++ b/common/contrib/autologout/SA-CONTRIB-2017-081.patch
@@ -0,0 +1,28 @@
+diff --git a/autologout.admin.inc b/autologout.admin.inc
+index 8e5583a..abdce81 100644
+--- a/autologout.admin.inc
++++ b/autologout.admin.inc
+@@ -86,7 +86,9 @@ function autologout_settings() {
+ '#title' => t('Message to display to the user after they are logged out.'),
+ '#default_value' => variable_get('autologout_inactivity_message', 'You have been logged out due to inactivity.'),
+ '#size' => 40,
+- '#description' => t('This message is displayed after the user was logged out due to inactivity. You can leave this blank to show no message to the user.'),
++ '#description' => t('This message is displayed after the user was logged out due to inactivity. You can leave this blank to show no message to the user.')
++ . ' ' . t('This text will passed through filter_xss.',
++ array('!url' => "https://api.drupal.org/api/drupal/includes%21common.inc/function/filter_xss/6.x")),
+ );
+
+ $form['autologout_use_watchdog'] = array(
+diff --git a/autologout.module b/autologout.module
+index 91587a4..db36289 100644
+--- a/autologout.module
++++ b/autologout.module
+@@ -700,7 +700,7 @@ function _autologout_logout_role($user) {
+ function _autologout_inactivity_message() {
+ $message = variable_get('autologout_inactivity_message', 'You have been logged out due to inactivity.');
+ if (!empty($message)) {
+- drupal_set_message(t($message));
++ drupal_set_message(filter_xss(t($message)));
+ }
+ }
+
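Review bot: In the autologout.admin.inc part of the added patch, the new `t('This text will passed through filter_xss.', array('!url' => …))` call supplies a `!url` replacement that the string never references, so the documentation link is silently dropped, and the sentence is missing "be". Something like `t('This text will be passed through <a href="!url">filter_xss</a>.', array('!url' => …))`, keeping the existing URL, would give administrators the link the argument was evidently meant for. In autologout.module, `filter_xss(t($message))` does sanitise the text before `drupal_set_message()`, but it still hands a configured variable to `t()`, which is meant for literal strings; `drupal_set_message(filter_xss($message));` would avoid that if translation of this message is not relied on. Only a fragment of `autologout_settings()` is visible, so any other place that outputs `autologout_inactivity_message` cannot be checked from this hunk and should be confirmed to be filtered as well.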