Unsafe cookie handling, code execution via different formats and protocols, privilege escalation, information leakage.
vulners.com/securityvulns/securityvulns:doc:30550