"WordPress 2.8.2 fixes an XSS vulnerability. Comment author URLs were not
fully sanitized when displayed in the admin. This could be exploited to
redirect you away from the admin to another site."
2.8.2 in CVS.
No further references available atm.
And thanks for the uberfast bump.
Cross-site scripting (XSS) vulnerability in the administrator
interface in WordPress before 2.8.2 allows remote attackers to inject
arbitrary web script or HTML via a comment author URL.