An issue exists in Bilboplanet 2.0. There is a stored XSS vulnerability when adding a tag via the user/?page=tribes tags parameter.
bilboplanet bilboplanet 2.0