Two security exploits for Radio UserLand were published last night on the Radio customer support board.
The first exploit allows an attacker to execute scripts on a Radio weblog's comments page. This can be used to redirect visitors to another Web site, transmit cookies to a third party, open pop-up windows, and the like.
The second exploit allows an attacker to post a comment to an entry that doesn't exist yet.
These exploits affect users who host their comments on UserLand servers. If you'd like to take your comments offline temporarily while a fix is being prepared, use the Comments preference to disable the feature and republish your entire weblog.