Status: has not been patched yet.
1) Input passed via the "blog" GET parameter to wp-content/plugins/uploader/views/notify.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
2) The wp-content/plugins/uploader/uploadify/uploadify.php script allows the upload of files with arbitrary extensions to a folder inside the webroot. This can be exploited to upload arbitrary files inside the webroot and e.g. execute arbitrary PHP code.