Cross-site Scripting (XSS) - Stored in knadh/listmonk
Reported on
May 18th 2021
💥 BUG
Stored XSS via file upload
💥 SUMMARY
The extension of an uploaded file is only checked in client-side JavaScript. The same check must also be enforced server-side; otherwise a user can bypass the browser-side check and upload an HTML file in place of an image, which is then served from the application's origin and executes as stored XSS.
💥 STEPS TO REPRODUCE
- From your account, go to http://localhost:9000/campaigns/media and upload an image. In the browser's network tab, edit the upload request: change the filename to one with an .html extension and replace the file content with an XSS payload, then forward (resend) the request.
- Visit the uploaded file and observe that the XSS payload executes.
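The fix the report asks for is a server-side check that does not trust anything the client sends. Below is an added example (written for this page, not code from the listmonk project) of such a check in Go, the language listmonk is written in. It assumes a hypothetical media endpoint that only accepts raster images: the filename's extension must be on an allowlist, and the first bytes of the upload must sniff as the image type that extension promises, so renaming an HTML payload to `.png` is rejected as well as uploading `payload.html` directly.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"path/filepath"
	"strings"
)

// allowedImageExts maps each permitted extension to the MIME type that
// http.DetectContentType sniffs for a file of that kind.
// Assumption for this example: the media endpoint only accepts raster images.
var allowedImageExts = map[string]string{
	".png":  "image/png",
	".jpg":  "image/jpeg",
	".jpeg": "image/jpeg",
	".gif":  "image/gif",
}

var (
	ErrBadExtension    = errors.New("upload: file extension not allowed")
	ErrContentMismatch = errors.New("upload: file content does not match its extension")
)

// ValidateImageUpload is the server-side check the report says is missing.
// filename is the client-supplied name; head is the beginning of the file body.
// Both the extension and the sniffed content type must agree before the
// upload is accepted, so neither a renamed file nor a forged extension passes.
func ValidateImageUpload(filename string, head []byte) error {
	ext := strings.ToLower(filepath.Ext(filename))
	want, ok := allowedImageExts[ext]
	if !ok {
		return ErrBadExtension
	}
	// DetectContentType inspects at most the first 512 bytes, the same
	// heuristic a browser applies when it decides whether to render HTML.
	if len(head) > 512 {
		head = head[:512]
	}
	if got := http.DetectContentType(head); got != want {
		return ErrContentMismatch
	}
	return nil
}

// MediaResponseHeaders returns the headers a handler should set when serving
// an accepted upload, as defence in depth: a fixed Content-Type derived from
// the validated extension plus nosniff, so browsers never reinterpret the
// bytes as HTML even if validation is bypassed in the future.
func MediaResponseHeaders(filename string) http.Header {
	h := http.Header{}
	ext := strings.ToLower(filepath.Ext(filename))
	if ct, ok := allowedImageExts[ext]; ok {
		h.Set("Content-Type", ct)
	} else {
		h.Set("Content-Type", "application/octet-stream")
	}
	h.Set("X-Content-Type-Options", "nosniff")
	return h
}

func main() {
	// Constructed sample inputs, mirroring the steps in the report.
	htmlPayload := []byte("<html><script>alert(document.domain)</script></html>")
	pngHeader := []byte("\x89PNG\r\n\x1a\n")

	cases := []struct {
		name string
		body []byte
	}{
		{"payload.html", htmlPayload}, // extension not allowed
		{"photo.png", htmlPayload},    // allowed extension, HTML bytes
		{"photo.PNG", pngHeader},      // genuine PNG, accepted
	}
	for _, c := range cases {
		fmt.Printf("%-13s -> %v\n", c.name, ValidateImageUpload(c.name, c.body))
	}
}
```

Note that the extension comparison is case-insensitive and that the sniffed type, not the client's `Content-Type` header, is what is compared, because that header is just as attacker-controlled as the filename.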
💥 VIDEO
https://drive.google.com/file/d/1xgNfsZ8-Roltnhgj_9zriTZvMI7Dckbb/view?usp=sharing