PT-2005-5287 · Vbulletin · Vbulletin

Published: 2005-12-31 · Updated: 2008-09-20 · CVE-2005-4621

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

vBulletin version 3.5.1

Description

A cross-site scripting (XSS) issue exists in the editavatar page, allowing remote attackers to inject arbitrary web script or HTML via a URL in the remote avatar url field. This occurs when the URL generates a parsing error and may require a trailing extension such as .jpg.

Recommendations

For vBulletin version 3.5.1, as a temporary workaround, consider restricting access to the editavatar page until a patch is available. Avoid using the remote avatar url field with untrusted input to minimize the risk of exploitation.


Related Identifiers

CVE-2005-4621

Affected Products

Vbulletin