"WordPress 2.8.2 fixes an XSS vulnerability. Comment author URLs were not fully sanitized when displayed in the admin. This could be exploited to redirect you away from the admin to another site."
2.8.2 in CVS.
Changeset: http://core.trac.wordpress.org/changeset?new=11730%40branches&old=11701%40branches No further references available atm. And thanks for the uberfast bump.
CVE-2009-2851 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2851): Cross-site scripting (XSS) vulnerability in the administrator interface in WordPress before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via a comment author URL.