Multiple vulnerabilities has been found. Incorrect handling of input from GET/POST-variables, and allowing an attacker to execute XSS and/or SQL Injection attacks.
We also recommend that you subscribe to the TYPO3 Announce List, which is a low-traffic list, where only important announces like this one is being brought.