Will my WordPress site become vulnerable to Cross-Site Scripting (XSS) if I allow img tags in the comments area?

Many evil things can be done by including an image. The question is how well WordPress filters them. To give you an idea:

Leave a Comment

error code: 523