Index: wp-admin/includes/template.php
===================================================================
--- wp-admin/includes/template.php	(revision 19998)
+++ wp-admin/includes/template.php	(working copy)
@@ -1266,10 +1266,10 @@
 
 	$output = '';
 	foreach ( $settings_errors as $key => $details ) {
-		$css_id = 'setting-error-' . $details['code'];
-		$css_class = $details['type'] . ' settings-error';
+		$css_id = 'setting-error-' . esc_attr( $details['code'] );
+		$css_class = esc_attr( $details['type'] ) . ' settings-error';
 		$output .= "<div id='$css_id' class='$css_class'> \n";
-		$output .= "<p><strong>{$details['message']}</strong></p>";
+		$output .= "<p><strong>" . wp_kses_data( $details['message'] ) . "</strong></p>";
 		$output .= "</div> \n";
 	}
 	echo $output;