In version 1.6.4 a security fix was made to a number of layout files, specifically those for category lists for articles, weblinks, newsfeeds and contacts and the featured contact list. If you are using layout overrides for these you should ensure that you make the same changes are made in your template (if the same issue is present). Overrides are found in the html folder of your template. You may also wish to check layout files for extensions for the same issue since the core layouts are sometimes used as models.
The change made is to replace JfilterOutput::ampReplace with htmlspecialchars. The following files should be changed:
This change should also be made to the override found in the beez5 template