XSS via SVG Image Upload – AlegroCartv1.2.9 – Full Disclosure

Posted by Andrey Stoykov on Apr 23
# Exploit Title: XSS via SVG Image Upload – alegrocartv1.2.9
# Date: 04/2025
# Exploit Author: Andrey Stoykov
# Version: 1.2.9
# Tested on: Debian 12
# Blog: https://msecureltd.blogspot.com/

XSS via SVG Image Upload:

Steps to Reproduce:
1. Visit http://192.168.58.129/alegrocart/administrator/?controller=download
2. Upload SVG image file with the contents below
3. Intercept the POST request and change the Content-Type to “Content-Type:…
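
Added example (not part of the original advisory and not AlegroCart code): a server-side upload check for the issue class described above, which decides on the uploaded bytes rather than the client-supplied Content-Type and flags SVG that carries active content. The function name, tag list and both sample inputs are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

ACTIVE_TAGS = {"script", "foreignobject", "iframe", "embed", "object"}
URL_ATTRS = {"href", "src"}

# Constructed sample inputs (not taken from the advisory).
CLEAN_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><rect width="4" height="4"/></svg>'
ACTIVE_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" onload="void 0">'
              b'<script>/* constructed marker */</script></svg>')


def local(name):
    """Strip an XML namespace: '{ns}tag' -> 'tag'."""
    return name.rsplit("}", 1)[-1]


def inspect_upload(declared_type, data):
    """Return reasons to reject an upload; an empty list means no finding.

    declared_type is the client-supplied Content-Type. It is compared with
    what the bytes actually are, but never trusted for the decision.
    """
    # Refuse DTDs before parsing: images do not need them and they allow
    # entity-expansion attacks against the XML parser itself.
    if re.search(rb"<!(DOCTYPE|ENTITY)", data, re.I):
        return ["DTD or entity declaration present"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return []  # not XML, so not SVG; other validators apply
    if local(root.tag).lower() != "svg":
        return []
    findings = []
    media_type = declared_type.split(";")[0].strip().lower()
    if media_type != "image/svg+xml":
        findings.append("SVG content declared as %s" % media_type)
    for el in root.iter():
        tag = local(el.tag).lower()
        if tag in ACTIVE_TAGS:
            findings.append("active element <%s>" % tag)
        for attr, value in el.attrib.items():
            name = local(attr).lower()
            if name.startswith("on"):
                findings.append("event handler attribute %s" % name)
            target = re.sub(r"\s+", "", value).lower()
            if name in URL_ATTRS and target.startswith(("javascript:", "data:")):
                findings.append("script-capable URL in %s" % name)
    return findings
```

A non-empty result is grounds to reject the file outright; serving stored uploads with Content-Disposition: attachment and a restrictive Content-Security-Policy limits the impact of anything the check misses.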