Multiple cross-site scripting (XSS) vulnerabilities in account_settings.php in TorrentTrader 1.07 allow remote attackers to inject arbitrary web script or HTML via the (1) avatar and (2) title parameters.
https://exchange.xforce.ibmcloud.com/vulnerabilities/36531
http://www.telspace.co.za/press-030.php
http://www.securityfocus.com/bid/25616