Malicious File Upload is a type of web application vulnerability in which an attacker is able to upload any malicious file containing program code which is executed by the web server and then attacker can compromise the web server.
Command Injection is the most dangerous web application vulnerability (rated mostly 9-10.0/10.0 in CVS Score) that allows an attacker to run any arbitrary OS command on host Operating System using vulnerable web application.
Unlike Reflected XSS, Stored XSS is most dangerous cross site scripting vulnerability. This type of vulnerability arises whenever a web application stores user supplied data for later use in backend without performing any filter or input sanitization.
Reflected XSS occurs when the input supplied by the user reflects back in the browser window or inside page source of the web page.