
Mambo Site Server Account Registration HTML Injection Vulnerability

Mambo Site Server does not sufficiently sanitize HTML submitted through the "Your Name" form field during account registration. Data in this field may be output to other users. An attacker may include arbitrary HTML and script code in this field, and when the information is viewed by other users, the attacker-supplied code will execute in their web client in the security context of the site.

It is possible that other account registration form fields also do not sufficiently sanitize HTML.
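
The following is an added example, not code from Mambo or from the original advisory. It contrasts output of a stored registration name without encoding against the same output encoded for the HTML context. All function names and sample values are hypothetical and constructed for illustration.

```php
<?php
// Added example: hypothetical helpers, not Mambo's own code.

// Registration-time check: reject empty, over-long, or control-character
// values. This narrows what gets stored but is NOT the fix on its own:
// markup characters can be legitimate in a name, so the stored value must
// still be encoded when it is written into a page.
function validate_display_name(string $raw): ?string
{
    $name = trim($raw);
    if ($name === '' || strlen($name) > 64) {   // length limit in bytes
        return null;
    }
    if (preg_match('/[\x00-\x1F\x7F]/', $name)) { // ASCII control characters
        return null;
    }
    return $name;
}

// Vulnerable pattern: the stored value is concatenated straight into HTML,
// so any markup in the name is interpreted by other users' browsers.
function render_member_unsafe(string $storedName): string
{
    return '<li class="member">' . $storedName . '</li>';
}

// Hardened pattern: encode for the HTML context at the point of output.
function render_member_safe(string $storedName): string
{
    $encoded = htmlspecialchars($storedName, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<li class="member">' . $encoded . '</li>';
}

// Constructed sample values, as they might arrive in the "Your Name" field.
$samples = [
    'Alice Example',
    'Bob <b>Bold</b>',
    '<script>alert(1)</script>',
];

foreach ($samples as $raw) {
    $name = validate_display_name($raw);
    if ($name === null) {
        continue; // rejected at registration
    }
    echo 'unsafe: ', render_member_unsafe($name), "\n";
    echo 'safe:   ', render_member_safe($name), "\n";
}
```

Because the advisory notes that other registration fields may be affected, the same output encoding applies to every user-supplied value the site displays, not only the name.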







 

Copyright 2009, SecurityFocus