I know nothing about this stuff, including what it is and isn't safe to say in public without giving too much away, but I'm curious to know more. What damage could someone do with this vulnerability? Big damage?

The one reported by FrSIRT is a cross site scripting flaw which allows injection of Javascript into pages.

 

Symantec haven't got back to me yet regarding their discovery.