🕵️♂️ Proof of Concept
- Log in to http://demo.kodcloud.com with demo:demo as the username and password (Kodcloud uses https://github.com/kalcaddle/KodExplorer)
- Right-click, choose "Upload Files" and upload an SVG file containing an XSS payload
- View the file and the XSS will execute
The XSS enables session stealing, SOP bypass and many more.
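One way to catch the file from the steps above at upload time, as an added example (not KodExplorer's code and not part of the original report): a Python check that parses the SVG as XML and reports script-capable content. The function names and the sample files are assumptions constructed for illustration, and the check is a denylist, so it flags known active content rather than proving a file safe.

```python
import xml.etree.ElementTree as ET

ACTIVE_ELEMENTS = {"script", "foreignobject", "iframe", "embed", "object"}

# Constructed samples (not taken from the report).
CLEAN = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="4"/></svg>'
SCRIPTED = (b'<svg xmlns="http://www.w3.org/2000/svg" onload="void 0">'
            b'<script>/* placeholder */</script>'
            b'<a href="&#106;ava&#9;script:void 0"><text>x</text></a></svg>')


def local(name):
    """Strip the '{namespace}' prefix ElementTree puts on qualified names."""
    return name.rsplit("}", 1)[-1].lower()


def svg_findings(data):
    """Return reasons an uploaded SVG must not be rendered inline ([] = none found)."""
    try:
        text = data.decode("utf-8")
    except UnicodeDecodeError:
        return ["not UTF-8"]  # fail closed on other encodings
    # Refuse DTDs outright: entity declarations have no place in an upload.
    if "<!doctype" in text.lower() or "<!entity" in text.lower():
        return ["DOCTYPE/ENTITY declaration"]
    try:
        root = ET.fromstring(text)
    except ET.ParseError:
        return ["not well-formed XML"]  # fail closed
    findings = []
    for el in root.iter():
        tag = local(el.tag)
        if tag in ACTIVE_ELEMENTS:
            findings.append(f"<{tag}> element")
        for attr, value in el.attrib.items():
            name = local(attr)
            if name.startswith("on"):
                findings.append(f"event handler attribute {name} on <{tag}>")
            # The parser has already decoded character references; browsers also
            # drop tabs/newlines inside URLs, so compare with them removed.
            if "javascript:" in "".join(c for c in value if c > " ").lower():
                findings.append(f"javascript: URL in {name} on <{tag}>")
    return findings


if __name__ == "__main__":
    for label, sample in (("clean", CLEAN), ("scripted", SCRIPTED)):
        print(label, svg_findings(sample))
```

Serving user uploads with `Content-Disposition: attachment` or from a separate origin keeps any script such a check misses away from the application's session.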