This happens when your webserver has the safe mode turned on or tweaked in a very aggressive way. In short, this causes that any <script> submitted through a form isn't allowed by your webserver.
You can inject that banner directly in the chv_settings table or ask your web hoster about this issue.