Information leakage on form file upload, image comments script execution, DOM sanitization filters bypass.
vulners.com/securityvulns/securityvulns:doc:19342