This is getting rather tedious, it seems every hacker is hell bent on throwing a spanner in the works lately, and I'm starting to grow tired of it. This one is barely worth mentioning, but hey, who am I to deny a hacker's right to stardom, right Grindordie? The exploit affects news/article submissions, the user can use the javascript alert function to display bogus messages such as, "ha ha you've been hacked". Ok, bad example, but you get the idea. Anyway, we can patch this by filtering out alert by adding this line to fusion_core.php:
Line 352: $text1[11] = "#alert#si"; $text2[11] = 'alert';
Simple enough, you can apply the fix yourself or grab the updated core from the service pack. The Sourceforge download has been updated as usual.
