Describe the bug
The web application allows image upload, and an attacker was able to upload a file containing HTML content. An XSS payload can be injected in the uploaded file.
Steps to reproduce
Login as admin.
Click on 'New post'.
Click on 'Insert Image' and upload an .html file with an XSS payload inside.
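A server-side check that would reject the upload described in this report, added here as an example and not taken from the application's own code. The application's language is not stated in the report, so Python is an assumption, and the names `validate_image_upload`, `download_headers` and `UploadRejected` are hypothetical.

```python
import os
import secrets

# Allowlisted image types: magic-byte prefix -> (stored extension, Content-Type)
SIGNATURES = {
    b"\x89PNG\r\n\x1a\n": (".png", "image/png"),
    b"\xff\xd8\xff": (".jpg", "image/jpeg"),
    b"GIF87a": (".gif", "image/gif"),
    b"GIF89a": (".gif", "image/gif"),
}
ALLOWED_EXTENSIONS = {".png", ".jpg", ".jpeg", ".gif"}


class UploadRejected(ValueError):
    """Raised when an upload is not an allowlisted image."""


def validate_image_upload(client_filename: str, data: bytes) -> tuple[str, str]:
    """Return (stored_name, content_type) or raise UploadRejected."""
    ext = os.path.splitext(client_filename)[1].lower()
    if ext not in ALLOWED_EXTENSIONS:
        raise UploadRejected(f"extension {ext!r} is not an allowed image type")
    for magic, (stored_ext, content_type) in SIGNATURES.items():
        if data.startswith(magic):
            # Stored name and type come from the detected content,
            # never from the client-supplied filename or Content-Type.
            return secrets.token_hex(16) + stored_ext, content_type
    raise UploadRejected("content does not start with a known image signature")


def download_headers(content_type: str) -> dict[str, str]:
    """Headers for serving a stored upload so browsers do not sniff it as HTML."""
    return {
        "Content-Type": content_type,
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "default-src 'none'; sandbox",
    }


# Constructed sample inputs (not taken from the report)
PNG_SAMPLE = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
HTML_SAMPLE = b"<html><body>not an image</body></html>"
```

A signature check alone does not stop a file that begins with valid image bytes and carries markup afterwards, which is why the stored extension and the response headers are fixed by the server as well.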