SS-2016-017: SVG Uploads
- Severity: Low
- Identifier: SS-2016-017
- Versions Affected: <=3.6.0
- Versions Fixed: 3.6.1
Uploaded SVG images can execute arbitrary scripts, which introduces the risk of XSS.
Upload of files with the .svg extension will be disabled by default.
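Where .svg uploads are turned back on, a file can be checked for the script-capable content behind this advisory before it is accepted. The Python check below is an added example, not part of the advisory or of SilverStripe; the name svg_active_content and the sample files are hypothetical, and it is a heuristic filter, not a complete SVG sanitizer.

```python
import re
import xml.etree.ElementTree as ET

# Elements that run script or embed arbitrary HTML/plugins inside an SVG.
ACTIVE_ELEMENTS = {"script", "foreignobject", "iframe", "embed", "object"}

def _local(name):
    """Drop the '{namespace}' prefix ElementTree adds to tag/attribute names."""
    return name.rsplit("}", 1)[-1].lower()

def svg_active_content(data: bytes) -> list:
    """Return reasons to refuse an uploaded SVG; an empty list means no check matched."""
    try:
        if "\x00" in data.decode("utf-8"):
            raise ValueError("NUL byte, likely UTF-16/32")
    except ValueError:  # UnicodeDecodeError is a ValueError subclass
        return ["not plain UTF-8"]  # keeps the byte-level DTD check below reliable
    # Refuse DTDs: not needed for images, and they enable entity-expansion tricks.
    if re.search(rb"<!(DOCTYPE|ENTITY)", data, re.I):
        return ["DTD or entity declaration"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return ["not well-formed XML"]
    findings = []
    for el in root.iter():
        tag = _local(el.tag)
        if tag in ACTIVE_ELEMENTS:
            findings.append(f"<{tag}> element")
        for attr, value in el.attrib.items():
            name = _local(attr)
            # Browsers ignore whitespace/control characters inside a URL scheme.
            compact = re.sub(r"[\x00-\x20]", "", value).lower()
            if name.startswith("on"):
                findings.append(f"event handler attribute {name}")
            elif "javascript:" in compact:
                findings.append(f"javascript: URL in {name}")
    return findings

# Constructed sample uploads (not taken from the advisory).
NS = b'xmlns="http://www.w3.org/2000/svg"'
SAMPLES = {
    "clean": b"<svg " + NS + b'><rect width="1" height="1"/></svg>',
    "script": b"<svg " + NS + b"><script>alert(1)</script></svg>",
    "handler": b"<svg " + NS + b' onload="alert(1)"/>',
    "link": b"<svg " + NS + b' xmlns:x="http://www.w3.org/1999/xlink">'
            b'<a x:href="java&#9;script:alert(1)"/></svg>',
    "dtd": b'<!DOCTYPE svg [<!ENTITY e "x">]><svg ' + NS + b"/>",
}
```

Serving accepted files as downloads or from a separate origin still matters, since a filter of this kind only covers the patterns it lists.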
Discovered by SEC Consult Singapore Pte. Ltd. (https://www.sec-consult.com/)