- Patch #669062 by Damien Tournoud and security team: fixed SA-CORE-2009-009: menu description XSS.

modules/system/system.admin.inc

@@ -2342,7 +2342,7 @@ function theme_admin_block_content($variables) {
     $output = '<dl class="admin-list">';
     foreach ($content as $item) {
       $output .= '<dt>' . l($item['title'], $item['href'], $item['localized_options']) . '</dt>';
-      $output .= '<dd>' . $item['description'] . '</dd>';
+      $output .= '<dd>' . filter_xss_admin($item['description']) . '</dd>';
     }
     $output .= '</dl>';
   }