script injected inside value attribute of input tag during security scan - does it really matter?

Hi All,

While running security scan for an application, we got error like The test successfully embedded a script in the response, which will be executed once the user activates the OnMouseOver function However, in the response we can see that the script embedded looks like
<input type="text" value="search onMouseOver=alert(5)" id="x"/>

I cannot see any security threat here, do we need to worry about this? since we already have a filter which filters out < > symbols , thus <script> can never be injected.
Please provide your valuable suggestions.