It was publicly released on different forums (http://cyruxnet.org/foro/viewtopic.php?t=559); multiple webmail systems and websites are vulnerable to Cross Site Scripting via a malformed file.

A basic PoC :

Build a text file (ie: photo.txt)

<script language="Javascript">
alert('Vulnerable!');...

[ more ]