#file-upload

Stored XSS via SVG Upload

Engagement Summary During a recent web application penetration test, I discovered a Stored Cross-Site Scripting (XSS) vulnerability by uploading a malicious SVG file containing inline JavaScript. This