Itâ€™s an unexpected update, given that version 2.8.1 was released less than two weeks ago. But good to see that the community involved in WordPress development is on the case and with a quick fix.
The announcement post says this about the issue:
WordPress 2.8.2 fixes an XSS vulnerability. Comment author URLs were not fully sanitized when displayed in the admin. This could be exploited to redirect you away from the admin to another site. Download 2.8.2 or automatically upgrade from the Tools->Upgrade page of your blogâ€™s admin.
Iâ€™m updating and I recommend you do, too, if you run WordPress.