XenForo extends thanks to Thomas Schneider for identifying the issue.
The issue is a XSS vulnerability. XSS (Cross Site Scripting) issues allow scripts and malicious HTML to be injected into the page, potentially allowing data theft or unauthenticated access.
Applying a Fix: Upgrading
You may upgrade to 2.0.9 to fix this issue. You should upgrade as you would to any other release.
Applying a Fix: Patching
Alternatively, this issue can be fixed by applying the patch in the attached file. You should simply overwrite the following file with the version attached to this message: