Not sure if $taboo was getting sanitized or not. Possibly an SQL injection vulnerability that allows maliciously crafted group names to inject SQL at a later date when the group CP is loaded. Unconfirmed, theoretical fix.
tinyMCE.importPluginLanguagePack('print');var TinyMCE_PrintPlugin={getInfo:function(){return{longname:'Print',author:'Moxiecode Systems AB',authorurl:'http://tinymce.moxiecode.com',infourl:'http://wiki.moxiecode.com/index.php/TinyMCE:Plugins/print',version:tinyMCE.majorVersion+"."+tinyMCE.minorVersion}},getControlHTML:function(cn){switch(cn){case"print":return tinyMCE.getButtonHTML(cn,'lang_print_desc','{$pluginurl}/images/print.gif','mcePrint')}return""},execCommand:function(editor_id,element,command,user_interface,value){switch(command){case"mcePrint":tinyMCE.getInstanceById(editor_id).contentWindow.print();return true}return false}};tinyMCE.addPlugin("print",TinyMCE_PrintPlugin);