Not sure if $taboo was getting sanitized or not. Possibly an SQL injection vulnerability that allows maliciously crafted group names to inject SQL at a later date when the group CP is loaded. Unconfirmed, theoretical fix.
<html xmlns="http://www.w3.org/1999/xhtml">
<HEAD>
<TITLE>Insert link button</TITLE>
<link href="style.css" rel="stylesheet" type="text/css">
</HEAD>
<BODY>
<table width="100%" border="0" cellpadding="1" cellspacing="3" class="pageheader">
<tr>
<td><span class="title">Insert link button</span></td>
<td align="right"><a href="index.htm"><acronym title="Table of contents">TOC</acronym></a></td>
</tr>
</table>
<hr noshade>
<br>
This button opens a new window with the insert/edit link function.<br>
<br>
<img src="images/insert_link_window.gif" width="330" height="159" alt="Insert link dialog/window" /><br>
<br>
There are two fields in this window the first one "Link URL" is the
URL of the link. The target enables you to select how the link is to be opened.<br>
<br>
<hr noshade>
<table width="100%" border="0" cellpadding="1" cellspacing="3" class="pagefooter">
<tr>
<td>Go to: <a href="index.htm">Table of contents</a></td>
<td align="right"><a href="#">Top</a></td>
</tr>
</table>
<br>
</BODY>
</HTML>