https://www.exploit-db.com/exploits/23657
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-548

MamboOpenSource4.6或可能早期版本的index.php存在跨站脚本（XSS）漏洞。远程攻击者可以借助Itemid参数执行其它客户端脚本。

source: http://www.securityfocus.com/bid/9588/info

It has been reported that Mambo Open Source may be prone to a cross-site scripting vulnerability that may allow a remote attacker to execute arbitrary HTML or script code in a user's browser. The issue exists in the 'Itemid' parameter of 'index.php' script.

Mambo Open Source version 4.6 has been reported to be prone to this issue, however, other versions may be affected has well.

http://www.example.com/index.php?option=content&task=view&id=1&Itemid="><script>alert(document.domain);</script>

来源:XF
名称:mambo-itemid-xss(15062)
链接:http://xforce.iss.net/xforce/xfdb/15062
来源:www.systemsecure.org
链接:http://www.systemsecure.org/advisories/ssadvisory06022004.php
来源:BID
名称:9588
链接:http://www.securityfocus.com/bid/9588