Drupal security advisory DRUPAL-SA-2006-008: Bart Jansens reported that it is possible for a malicious user to insert and execute XSS into free tagging terms, due to lack of validation on output of the page title. The fix wraps the display of terms in check_plain().
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/46982/DRUPAL-SA-2006-008.txt
Source: https://packetstormsecurity.com/files/46982/DRUPAL-SA-2006-008.txt.html