XSS through image upload of contacts using svg file with png extension

Disclosed: 2020-12-26 12:20:56 By hitman_47 To nextcloud
Low
Vulnerability Details
Hello again, this is a bypass of #89487. Basically, use the same payload file but change the extension to PNG.

## Impact

XSS or Open redirect when viewing the image of a contact.
Report Stats
  • Report ID: 998422
  • State: Closed
  • Substate: resolved
  • Upvotes: 20
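
The mismatch this report describes (SVG markup in a file named `.png`) is what a content-based upload check catches, since the extension alone says nothing about the bytes. The following is an added example, not code from the report or from Nextcloud; the names `sniffType` and `checkUpload`, the allowlist and the sample bytes are assumptions constructed for illustration.

```javascript
// Added example (not Nextcloud code): accept a contact photo only when its
// leading bytes match an allowlisted raster format AND agree with the extension.
const SIGNATURES = {
  png: [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a],
  jpeg: [0xff, 0xd8, 0xff],
  gif: [0x47, 0x49, 0x46, 0x38], // "GIF8"
};
// Extension -> expected content type (hypothetical allowlist).
const EXTENSIONS = new Map([['png', 'png'], ['jpg', 'jpeg'], ['jpeg', 'jpeg'], ['gif', 'gif']]);

// Classify by content. Non-raster input is inspected for markup only so the
// rejection reason is useful in logs; it is rejected either way.
function sniffType(buf) {
  for (const [type, sig] of Object.entries(SIGNATURES)) {
    if (buf.length >= sig.length && sig.every((b, i) => buf[i] === b)) return type;
  }
  // Skip a UTF-8 BOM, whitespace, XML declaration, comments and DOCTYPE.
  const head = buf.subarray(0, 1024).toString('utf8')
    .replace(/^\uFEFF/, '')
    .replace(/^(\s|<\?xml[^>]*\?>|<!--[\s\S]*?-->|<!DOCTYPE[^>]*>)+/i, '');
  if (/^<svg[\s>\/]/i.test(head)) return 'svg';
  return head.startsWith('<') ? 'markup' : 'unknown';
}

function checkUpload(filename, buf) {
  const ext = filename.split('.').pop().toLowerCase();
  const declared = EXTENSIONS.get(ext);
  const actual = sniffType(buf);
  if (!declared) return { ok: false, reason: `extension .${ext} not allowed` };
  if (!(actual in SIGNATURES)) {
    return { ok: false, reason: `content is ${actual}, not a raster image` };
  }
  if (actual !== declared) {
    return { ok: false, reason: `extension says ${declared}, content is ${actual}` };
  }
  return { ok: true, type: actual };
}

// Constructed samples: a benign SVG document and a bare PNG signature.
const svgBytes = Buffer.from(
  '<?xml version="1.0"?>\n<svg xmlns="http://www.w3.org/2000/svg"><circle r="4"/></svg>');
const pngBytes = Buffer.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a, 0, 0, 0, 0x0d]);

console.log(checkUpload('avatar.png', svgBytes)); // rejected: content is svg
console.log(checkUpload('avatar.png', pngBytes)); // accepted as png
```

On the viewing side, serving stored photos with a fixed raster `Content-Type` and `X-Content-Type-Options: nosniff` keeps the browser from treating a mislabelled file as a document.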