There is an XSS that allows to inject code throw the variable
window.name. I had found it two weeks ago but like I told you in the email I was unable to submit you the report.
This is due to the print of the value variable raw in the web page. Some attacker could just trigger a victim to open open the page like that and execute the vulnerability.