Certain unspecified input is not properly sanitized in the KSES library before being displayed to the user, according to Secunia.
This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site when the malicious data is being viewed.
This is a critical release, available immediately through the update page in your dashboard or for download here.
netizens left a footprint.