thanks to what is obviously automated code analysis, another xss problem was found in wordpress 2.2. bdirty tested the issue against an unmodified version of wp and found that the problems mentioned in the post do not exist-- a blank page is displayed. furthermore (though the analyst does note this) admin privs are required to even attempt the exploit, and at that point an attacker can do anything anyways.