Fix Solution by Kilandor - http://www.seditioforge.com/

Updated, Replace the whole function. (Easier to do it like this)

Thanks to Orkan for Suggesting the eregi_replace

Search for in system/functions.php
function sed_cc

Replace the function with this

function sed_cc($text)
	{
	$text = eregi_replace('&#([0-9]+)', '&#\\1', $text);
	$text = str_replace(
	array('{', '<', '>' , '$', '\'', '"', '\\', '&amp;', '&nbsp;'),
	array('&#123;', '&lt;', '&gt;', '&#36;', '&#39;', '&quot;', '&#92;', '&amp;amp;', '&amp;nbsp;'), $text);
	return($text);
	}

You can see the fix working in action here.

http://www.seditioforge.com/tutorials/core-hacks/security-fix---ascii-insertion-into-text-i63.html

Fix Solution by Kilandor - http://www.seditioforge.com/