source: https://www.securityfocus.com/bid/9588/info
It has been reported that Mambo Open Source may be prone to a cross-site scripting vulnerability that may allow a remote attacker to execute arbitrary HTML or script code in a user's browser. The issue exists in the 'Itemid' parameter of 'index.php' script.
Mambo Open Source version 4.6 has been reported to be prone to this issue, however, other versions may be affected has well.
http://www.example.com/index.php?option=content&task=view&id=1&Itemid="><script>alert(document.domain);</script>
