These vulnerabilities in the MOStlyCE editor were fixed and a new release made within 2 days of the Mambo Team being notified of the vulnerabilities. http://forum.mambo-foundation.org/showthread.php?t=10158 Please Note: it is useful to notify Mambo whenever any risk is identified. Mambo is NOT at mamboserver.com. The project home is http://mambo-foundation.org.