Please read the entire security bulletin here:
TYPO3 Security Bulletin TYPO3-20070716-1: Cross Site Scripting vulnerability in faq
We also recommend that you subscribe to the TYPO3 Announce List, which is a low-traffic list, where only important announces like this one is being brought.