Could have just bumped the old thread.
I know that at least we module devs (including some core devs) are aware of the report and are currently trying to figure out what is causing it and how it can be exploited, so that it is possible to find out how it can be prevented.
Until then, as we probably should with all modules, since it is a cross-site scripting issue, everyone is advised not to click on direct links to e.g. forum posts unless
a) you trust the poster
b) you can see that the link does not have more than the proper amount of variables (someone please confirm this, I'm no security expert) and no "weird" code after the normal query string