Clickjacking
Command Injection & HTML injection