Things are moving fast these days: shortly after the release of the 2.8-branch, patches 2.8.1 and even 2.8.2 became available.
Today I upgraded to 2.8.2 to avoid being vulnerable to an XSS-attack.

I hope these kinds vulnerabilities will not be present in this version, nor the following versions. However: props to the contributors at WP for fixing it fast!