FileId is inserted directly into the DOM without escaping, which allows HTML injection.
How to reproduce
Modify the file ID generator to inject a payload
function generateFileId() {
    return 'file_' + Date.now() + '_"><img src=x onerror=alert("XSS")>';
}
Send any file
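
One way to close this on the rendering side, as an added example that is not the project's own code: validate the ID against the shape the generator normally produces, then escape every value placed into markup. All function names, the markup, and the assumed ID format ("file_" + timestamp + optional alphanumeric suffix) are hypothetical.

```javascript
// Added example; escapeHtml, isValidFileId and renderFileEntry* are hypothetical names.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that can break out of text or a quoted attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Assumed legitimate shape: "file_" + millisecond timestamp + optional "_suffix".
const FILE_ID_PATTERN = /^file_\d{1,16}(_[A-Za-z0-9]{1,32})?$/;

function isValidFileId(fileId) {
  return typeof fileId === 'string' && FILE_ID_PATTERN.test(fileId);
}

// Pattern described in the report: the ID is concatenated into markup as-is.
// The surrounding <div> is an assumption; the page does not show the real markup.
function renderFileEntryUnsafe(fileId, fileName) {
  return '<div class="file" id="' + fileId + '">' + fileName + '</div>';
}

// Hardened: reject IDs outside the expected shape, then escape every
// interpolated value so a later loosening of the pattern stays safe.
function renderFileEntrySafe(fileId, fileName) {
  if (!isValidFileId(fileId)) {
    throw new RangeError('rejected file ID with unexpected format');
  }
  return '<div class="file" id="' + escapeHtml(fileId) + '">' +
         escapeHtml(fileName) + '</div>';
}

// Constructed sample input: the ID from the reproduction steps, fixed timestamp.
const reportedId = 'file_1700000000000_"><img src=x onerror=alert("XSS")>';
```

In a browser, building the node with document.createElement, setAttribute and textContent instead of assigning an HTML string avoids the markup parser entirely; the validation step still applies because the ID is controlled by the sender.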

