vBulletin 4.0.8: Persistent XSS (Cross Site Scripting) Vulnerability

Users of vBulletin 4.0.8 please be advised of a Persistent XSS (Cross Site Scripting) vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

vBulletin-SA-11/14/2010: vBulletin 4.0.8 – Persistent XSS via Profile Customization
-:: The Advisory ::-
vBulletin is prone to a Persistent Cross Site Scripting vulnerability within the
Profile Customization feature. If this feature is not enabled the vulnerability
does not exist and the installation of vBulletin is thereby secure.

Within the profile customization fields, it is possible to enter colour codes,
rgb codes and even images. The image url() function does not sanitize user
input in a sufficient way causing vBulletin to be vulnerable to XSS attacks.Read more at http://www.criticalwatch.com