WordpressFilterVersion02  
Changes from previous Version
Featured
Updated Jul 27, 2009 by eric...@gmail.com

Details

In response to this exploit (http://www.milw0rm.com/exploits/9250), the new filter now covers Cross-Site Scripting attacks through the variables author, email, url and message. Unfortunately, this also means that double escaping is possible and may result in badly formatted comments (especially if they contain JavaScript or HTML code).

If your WordPress is not version 2.8.2 or higher, you should consider updating your filter.
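The double escaping described above can be reproduced with a short script. This is an added illustration, not the filter's own code: the four field names come from this page, while the helper functions `filter_comment` and `render_field` and the sample comment are constructed, and it assumes the rendering side escapes the stored value a second time.

```php
<?php
// Added illustration; not the filter's own code. Field names come from the
// page; the helper names and the sample comment are constructed.

const COMMENT_FIELDS = ['author', 'email', 'url', 'message'];

// Stage 1: a pre-filter that escapes every covered field on input.
function filter_comment(array $comment): array {
    foreach (COMMENT_FIELDS as $field) {
        if (isset($comment[$field])) {
            $comment[$field] = htmlspecialchars($comment[$field], ENT_QUOTES, 'UTF-8');
        }
    }
    return $comment;
}

// Stage 2: output escaping applied again when the comment is rendered
// (assumed here). With $double_encode = true, the PHP default, entities
// produced by stage 1 are encoded a second time.
function render_field(string $value, bool $double_encode = true): string {
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8', $double_encode);
}

// Constructed sample comment containing markup in several fields.
$comment = [
    'author'  => 'Bob <b>',
    'email'   => 'bob@example.org',
    'url'     => 'http://example.org/?a=1&b=2',
    'message' => 'Use <script src="x.js"></script> to load it',
];

$stored = filter_comment($comment);

foreach (COMMENT_FIELDS as $field) {
    printf("%-8s stored : %s\n", $field, $stored[$field]);
    printf("%-8s double : %s\n", $field, render_field($stored[$field]));
    printf("%-8s single : %s\n\n", $field, render_field($stored[$field], false));
}
```

The "double" lines contain sequences such as `&amp;lt;`, which a browser displays as the literal text `&lt;` instead of `<`. The "single" lines pass `false` as the fourth argument of `htmlspecialchars`, which leaves existing entities untouched while still encoding any raw `<`, `>`, `&` or quote characters.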

