4.5 - 4.6.8
There was a bug in one of CiviCRM's internal type checks which could allow inappropriate user input to be saved to the database and/or displayed.
This was a general weakness in one of CiviCRM's security layers; no specific exploits of this have been identified. This type of vulnerability could potentially allow attackers to save malicious content to the database or display it to site users.
If you are using CiviCRM 4.5+, upgrade to the latest version.
Note that this bug did not affect the 4.4 LTS series.
Coleman Watts of the CiviCRM core team