The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.
Discovered November 20, 2010 Resolved November 22, 2010 Patches Available 3.0.6
2.5.7 Patch Level 4
Workaround Remove all URL replacements that paste the following characters " ' < > % /