The spotim-comments plugin prior to 4.0.4 for WordPress has multiple XSS issues.
spot spot.im comments