This is called HTML Injection (or Script injection) and the best thing to do is to ensure it doesn't happen at source. Start with Wiki: it will tell you about the subject, including ways to avoid it:
http://en.wikipedia.org/wiki/Code_injection[
^]
You will have to clean your data yourself by looking at every text field in your database, I'm afraid!