The fix at https://huntr.dev/bounties/fce38751-bfd6-484c-b6e1-935e0aa8ffdc/ is not adequate: an attacker can use a filename such as test.html?a=1 to bypass the extension check built on PHP's built-in pathinfo() function, because pathinfo() has no notion of a query string and reports the extension as "html?a=1" rather than "html". (The same trick also works for .php.)
// payload.html?a=1
<script>alert('xss')</script>
POC Video: https://drive.google.com/file/d/1PZmAhAKMRsA2VB6fMng7UyCYn57iFdpr/view?usp=sharing
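The following is an added example, not code from the original report or from the project being reported. It shows why a blocklist check that trusts pathinfo() on the raw client-supplied name is defeated by a filename like test.html?a=1, and contrasts it with a hardened allowlist check that first rejects any name that is not a plain "name.ext". The function names, the blocklist/allowlist contents and the sample filenames are assumptions made for illustration.

```php
<?php
// Added example (not from the original report or the reported project).
// Demonstrates the pathinfo() bypass with "test.html?a=1" and one hardened check.

// Vulnerable: blocklist on the extension pathinfo() extracts from the raw name.
// pathinfo() takes everything after the last '.', so "test.html?a=1" yields
// the extension "html?a=1", which matches nothing in the blocklist.
function is_blocked_vulnerable(string $filename): bool {
    $blocked = ['php', 'phtml', 'html', 'htm'];           // assumed blocklist
    $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    return in_array($ext, $blocked, true);
}

// Hardened: reduce to a basename, reject anything that is not exactly
// "<letters/digits/_/->.<letters/digits>" (this rejects '?', '#', '/', spaces,
// double extensions and empty names), then allowlist the extension.
// The name that passes this check must also be the name the file is stored under.
function is_allowed_hardened(string $filename): bool {
    $name = basename($filename);
    if (!preg_match('/^[A-Za-z0-9_-]+\.[A-Za-z0-9]+$/', $name)) {
        return false;
    }
    $allowed = ['png', 'jpg', 'jpeg', 'gif'];              // assumed allowlist
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    return in_array($ext, $allowed, true);
}

// Constructed sample filenames, including the bypass from the report.
$samples = ['test.html', 'test.html?a=1', 'shell.php?a=1', 'image.png', 'image.png?x'];
foreach ($samples as $s) {
    printf("%-16s pathinfo ext=%-9s blocked(vulnerable)=%-3s allowed(hardened)=%s\n",
        $s,
        pathinfo($s, PATHINFO_EXTENSION),
        is_blocked_vulnerable($s) ? 'yes' : 'no',
        is_allowed_hardened($s) ? 'yes' : 'no');
}
```

Running this shows test.html and shell.php blocked by the vulnerable check while test.html?a=1 and shell.php?a=1 slip through, whereas the hardened check rejects all four and accepts only image.png. The design point is that the validated string and the stored filename must be the same string: stripping or normalising the name after the check, or letting a later layer (the web server, a download endpoint) interpret '?' differently from pathinfo(), reopens the gap.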