Do you allow to load SVG files? You have XSS!

Uploading files by web application users creates many vulnerabilities. In this functionality, pentesters are looking for gaps leading to remote code execution on the server side. What if the upload of a new file resulted in the execution of a malicious JS script? Such opportunity provides SVG files that describe vector graphics in modern browsers. …