1. Linked XSS vulnerability. Attacker can inject XSS in URL string. Example: http://www.example.com/console/portal/">