Index: wp-content/themes/twentyeleven/functions.php
===================================================================
--- wp-content/themes/twentyeleven/functions.php	(revision 56032)
+++ wp-content/themes/twentyeleven/functions.php	(working copy)
@@ -764,7 +764,7 @@
 					?>
 
 					<?php if ( '0' === $comment->comment_approved ) : ?>
-					<em class="comment-awaiting-moderation"><?php echo $moderation_note; ?></em>
+					<em class="comment-awaiting-moderation"><?php echo esc_html( $moderation_note ); ?></em>
 					<br />
 					<?php endif; ?>
 
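Review bot: The new `esc_html()` call on the `comment-awaiting-moderation` line treats `$moderation_note` as plain text, but the variable is assigned outside this hunk, so it cannot be confirmed from here that no source string or translation relies on inline markup. If it is filled from a translation function, as seems likely, escaping at output is the right place, because language files are not a trusted source of HTML; any markup a translator had added would now show as literal text. Should markup ever be needed in this note, `wp_kses()` with an explicit allowed-tags list would be the fit, not removing the escape. A short comment beside the assignment, such as `// Plain text only: escaped on output because translated strings are not trusted HTML.`, would record that contract. The enclosing function starts and ends outside the hunk, so other `echo` calls in the same comment callback could not be checked for the same treatment.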
