The WordPress Development team has released WordPress version 2.8.2. The new version fixes an XSS vulnerability in comment author URLs which were not being fully sanitized when displayed in the admin. An exploit is possible to redirect the logged in account to another URL from from the WordPress administration page.

It is adviced that an upgrade to version 2.8.2 is performed. You can do the upgrade either by using the WordPress upgrade tool found at Tools->Upgrade of your blog’s admin or Download WordPress 2.8.2 to perform a manual upgrade of your WordPress site.