Crossite scripting, code execution, information disclosure.
vulners.com/securityvulns/securityvulns:doc:29148
vulners.com/securityvulns/securityvulns:doc:29163