Posted by Andrey Stoykov on Oct 28
# Exploit Title: Stored Cross-Site Scripting (XSS) via SVG File Upload –
totaljsv5013
# Date: 10/2025
# Exploit Author: Andrey Stoykov
# Version: 5013
# Tested on: Debian 12
# Blog:
https://msecureltd.blogspot.com/2025/10/friday-fun-pentest-series-46-stored.html
Stored Cross-Site Scripting (XSS) via SVG File Upload:
Steps to Reproduce:
1. Login with user and visit “Layouts”
2. Visit “Files” and click “Upload”
3….
– Read More – Full Disclosure
