This was reported on October 20 2012
The first response i received was:
Hi there Anakorn, Thank you very much for the report and proof-of-concept file. We are looking into it now, and will let you know if we have any questions. In the meantime, we ask that you do not publicly disclose this potential issue, in order to protect Adobe's customers. This has been assigned the Adobe tracking number 1398. We appreciate your discretion and cooperation. Please let us know if you have any questions. Thank you again, Tasha Adobe Product Security Incident Response Team
I did not received any response after that from the adobe team. I rechecked it again recently and found out that the url no longer exists.
Simply insert an xss payload “><script>alert(1)</script> in the First name,last name textbox, etc
What is weird is that it seems like it is fixed now but i never received any more info about it from adobe.