Cross-site scripting (XSS) vulnerability in the taxonomy module in Drupal 4.6.8 and 4.7.2 allows remote attackers to inject arbitrary web script or HTML via inputs that are not properly validated when the page title is output, possibly involving the $names variable.
secunia.com/advisories/20412
secunia.com/advisories/21244
securityreason.com/securityalert/1041
www.debian.org/security/2006/dsa-1125
www.securityfocus.com/archive/1/435793/100/0/threaded
www.securityfocus.com/bid/18245
www.vupen.com/english/advisories/2006/2112
drupal.org/files/sa-2006-008/4.6.7.patch
drupal.org/node/66767
exchange.xforce.ibmcloud.com/vulnerabilities/26893