Index: wp-includes/taxonomy.php
===================================================================
--- wp-includes/taxonomy.php (revision 5778)
+++ wp-includes/taxonomy.php (working copy)
@@ -229,6 +229,7 @@
 'hierarchical' => true, 'child_of' => 0, 'get' => '', 'name_like' => '');
 $args = wp_parse_args( $args, $defaults );
 $args['number'] = (int) $args['number'];
+ $args['name_like'] = $wpdb->escape(stripslashes($args['name_like']));
 if ( !$single_taxonomy || !is_taxonomy_hierarchical($taxonomies[0]) || '' != $args['parent'] ) {
 $args['child_of'] = 0;
Index: wp-includes/widgets.php
===================================================================
--- wp-includes/widgets.php (revision 5778)
+++ wp-includes/widgets.php (working copy)
@@ -365,7 +365,7 @@
 $newoptions['sortby'] = 'menu_order';
 }
- $newoptions['exclude'] = strip_tags( stripslashes( $_POST['pages-exclude'] ) );
+ $newoptions['exclude'] = preg_replace( '/[^\d,]/', '', $_POST['pages-exclude'] );
 }
 if ( $options != $newoptions ) {
 $options = $newoptions;
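Review bot: `$wpdb->escape()` only neutralises quote characters, so if `name_like` is interpolated into a `LIKE '...%'` clause further down in get_terms() (outside this hunk), a caller-supplied `%` or `_` still acts as a wildcard and a bare `%` matches every term. Escaping the LIKE metacharacters before the quote escaping closes that: `$args['name_like'] = $wpdb->escape(addcslashes(stripslashes($args['name_like']), '%_'));`. The added line also assumes `$wpdb` is in scope via a `global $wpdb` at the top of the function and that the value arrives slash-added (otherwise `stripslashes` eats literal backslashes), neither of which is visible here and both worth confirming. get_terms() begins and ends outside this hunk.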
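Review bot: The new allowlist `[^\d,]` is the right direction for a value that later reaches a query, but it still stores malformed lists: `,,`, a leading or trailing comma, or an empty string all survive the regex and are then saved as-is. Normalising to a canonical list of non-zero integer ids avoids that and also stops the `$options != $newoptions` comparison below from reacting to a stray comma: `$ids = array_filter( array_map( 'intval', explode( ',', preg_replace( '/[^\d,]/', '', $_POST['pages-exclude'] ) ) ) );` followed by `$newoptions['exclude'] = implode( ',', $ids );`. Whether `$_POST['pages-exclude']` is guaranteed set and the request is nonce/capability checked depends on the enclosing `if`, which begins above this hunk.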