Stored XSS via SVG File in microweber/microweber
Jul 6th 2022
By uploading SVG files, the users can perform Stored XSS attack.
Copy the following code and save as filename.svg.
Proof of Concept
 Login as admin.
 upload the payload injected SVG file at
 Copy the uploaded svg file url and open in new tab.
If an attacker can execute the script in the victim's browser via SVG file, they might compromise that user by stealing its cookies.