File Upload Bypass Leads to Stored XSS in cockpit-hq/cockpit
Aug 13th 2023
The file upload feature did not allow uploading files with extensions like html, ... However, files with the xhtml extension
are still accepted, which leads to an XSS vulnerability.
Proof of Concept
Through this hole, an attacker can execute malicious code.
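The gap described above is how a denylist fails: any extension that is not on the list passes the check. The PHP below is an added example, not Cockpit's code; its function names and extension lists are assumptions. It contrasts a denylist check with an allowlist check and builds response headers that keep a stored upload from being rendered in the application's origin.

```php
<?php
// Added illustration, not Cockpit's code. Function names and lists are assumptions.

// Denylist check (the pattern the report describes): anything not listed passes.
function denylist_allows(string $filename): bool
{
    $blocked = ['html', 'htm'];  // assumed list; the report names html and elides the rest
    $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    return !in_array($ext, $blocked, true);
}

// Allowlist check: only extensions the application explicitly expects are accepted.
function allowlist_allows(string $filename): bool
{
    $allowed = ['png', 'jpg', 'jpeg', 'gif', 'pdf', 'txt'];  // assumed policy
    $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    return $ext !== '' && in_array($ext, $allowed, true);
}

// Serve-time defence in depth: force a download and forbid sniffing, so a file
// that slipped past upload validation is not rendered as a document.
function download_headers(string $filename): array
{
    return [
        'Content-Type'            => 'application/octet-stream',
        'Content-Disposition'     => "attachment; filename*=UTF-8''" . rawurlencode(basename($filename)),
        'X-Content-Type-Options'  => 'nosniff',
        'Content-Security-Policy' => "default-src 'none'; sandbox",
    ];
}

// Constructed sample filenames.
foreach (['report.pdf', 'page.html', 'page.xhtml', 'page.XHTML', 'noext'] as $name) {
    printf(
        "%-11s denylist=%-5s allowlist=%s\n",
        $name,
        var_export(denylist_allows($name), true),
        var_export(allowlist_allows($name), true)
    );
}

foreach (download_headers('page.xhtml') as $header => $value) {
    echo "$header: $value\n";
}
```

For `page.xhtml` the denylist check returns true while the allowlist check returns false, which is the difference the report turns on.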