The Image Resizer plugin for Craft CMS prior to 2.0.9 has a stored cross-site scripting (XSS) vulnerability in the Bulk Resize action.
verbb image resizer