09-23-2010, 04:59 AM
#12
Wizard
Join Date: Sep 2007
Posts: 1,299
Thanks: 17
That's a typical XSS attack; escape your outputs. That was my thought before I got to the bottom of the image you gave. I assure you it could be worse: I once saw a case where the cracker injected code that downloaded a virus to the user's machine. It was a mortgage banker, so less technical clients would do whatever the site said and got infected.
I personally use the sanitize feature in the Savant template engine to escape my outputs.