Remotely exploitable Denial of Service (DOS) vulnerabilities that can compromise the system but do require user interaction.
Vulnerabilities that may allow anonymous users (i.e. users not registered at the site) to log in as a site user or take administrative actions.
Interaction (such as an administrator viewing a particular page) may be required for this exploit to be successful, or in cases where interaction is not required (such as CSRF) the exploit causes only minor damage.
Previous examples include: OpenID impersonation, SQL injection
