XSS via svg file upload
Cloudreve allow any user to sign up for an account .
So, using this xss attacker can attack other user .
1. admin-->user A -->attacker.
2. user -->user B --->victim
1. From admin(user A) goto account and upload a svg file with xss payload .
2. Now share this link like
3. Now when user B open this link then xss is executed.\
one user can attack other user using xss attack