In May 2010 I discovered several XSS vulnerabilities within the Joomla components Card View JX and Table JX which were all based on the famous com_grid component. Until now those vulnerabilities remained unpatched.
Today I received an email from David Mavec who is one of the guys working on com_grid. According to him, all vulnerabilities within com_grid should be closed now. Short tests indicate that this is true and the built-in XSS filters are working.
Thanks for the short notice!
Update from 20.09.2010: According to David Mavec this also affects TableJX and CardViewJX.