Description
"editavatar" XSS-
avatar url field parameters isn't properly sanitised before being
returned to the user. This can be exploited to execute arbitrary HTML
and script code in a user's browser session in context of an affected
site

example:
http://www.(javascript:alert());"<script>alert('r0t XSS')</script>.com/.jpg

Источник: xttp://security.nnov.ru/Kdocument369.html