H2O is vulnerable to stored XSS vulnerability which can lead to a Local File Include attack.
h2o h2o -