There is a much more significant issue than executing an XSS if you can upload a file to a remote site... If this is how you plan to execute the XSS then there is nothing to fix or even do here on our part. Scott MacVicar Development Team, vBulletin