Multiple cross-site scripting (XSS) vulnerabilities in account_settings.php in TorrentTrader 1.07 allow remote attackers to inject arbitrary web script or HTML via the (1) avatar and (2) title parameters.

References

• https://nvd.nist.gov/vuln/detail/CVE-2007-4831
• https://exchange.xforce.ibmcloud.com/vulnerabilities/36531
• http://osvdb.org/37073
• http://secunia.com/advisories/26551
• http://www.securityfocus.com/bid/25616
• http://www.telspace.co.za/press-030.php