There was a bug in one of CiviCRM's internal type checks that could allow inappropriate user input to be saved to the database and/or displayed.
This was a general weakness in one of CiviCRM's security layers; no specific exploits of this have been identified. This type of vulnerability could potentially allow attackers to save malicious content to the database or display it to site users.
Affected versions: 4.5 - 4.6.8
Fixed version: 4.6.9
If you are using CiviCRM 4.5+, upgrade to the latest version.
Note that this bug did not affect the 4.4 LTS series.
Credit: Coleman Watts of the CiviCRM core team
Reference: https://issues.civicrm.org/jira/browse/CRM-17291