This security update fixes a cross site scripting (XSS) vulnerability in the content/versionview module. It adds escaping/conversion to input parameters, so that an attacker cannot insert scripting commands.
Patch for eZ Publish: https://github.com/ezsystems/ezpublish-legacy/commit/8854aa7cc2fc0b9e6d91fb0f614f53c648a16f23
