Hi there,
Your project has a function for uploading files. That is the section named “Resource”. But it does not filter the content of the uploaded files. If we upload an SVG file containing malicious data and a user accesses it, XSS will be triggered.
Please visit my video link:
https://drive.google.com/file/d/10GQODgA3evtTGYmdAivR9zYGxsarr1L0/view
1. Log in as any user.
2. Click the module named “Resource”.
3. Upload an SVG file; the contents of this file are as follows.
<x:script xmlns:x="http://www.w3.org/1999/xhtml">alert(document.domain)</x:script>
4. Access this SVG file.
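
An added defensive example, not part of the original report or the project's own code: a namespace-aware check that flags active content in an uploaded SVG (a plain search for `<script` misses the prefixed `x:script` element from step 3), plus response headers that stop a stored upload from scripting the application origin. All function and constant names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Element names that can run script or embed active documents (lowercased local names).
ACTIVE_TAGS = {"script", "foreignobject", "iframe", "object", "embed", "handler"}
# Media types a browser renders as a document in the serving origin.
RENDERABLE = {"image/svg+xml", "text/html", "application/xhtml+xml",
              "text/xml", "application/xml"}

def local_name(qname: str) -> str:
    """'{namespace}script' -> 'script' (ElementTree's expanded-name form)."""
    return qname.rsplit("}", 1)[-1].lower()

def svg_active_content(data: bytes) -> list[str]:
    """Return the reasons an uploaded SVG should not be stored for inline display."""
    # Refuse DTDs, entity declarations and NUL bytes before the XML parser sees them.
    if b"\x00" in data or b"<!DOCTYPE" in data.upper() or b"<!ENTITY" in data.upper():
        return ["DTD, entity declaration or NUL bytes"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return ["not well-formed XML"]
    findings = []
    for el in root.iter():
        # Match on the local name: the prefix is arbitrary (x:script, h:script, ...).
        if local_name(el.tag) in ACTIVE_TAGS:
            findings.append(f"element <{local_name(el.tag)}>")
        for attr, value in el.attrib.items():
            name = local_name(attr)
            if name.startswith("on"):
                findings.append(f"event handler attribute {name}")
            elif name == "href" and value.strip().lower().startswith("javascript:"):
                findings.append("javascript: URL in href")
    return findings

def response_headers(content_type: str) -> dict[str, str]:
    """Headers for serving a user upload so it cannot script the application origin."""
    headers = {"Content-Type": content_type, "X-Content-Type-Options": "nosniff"}
    if content_type.split(";")[0].strip().lower() in RENDERABLE:
        headers["Content-Disposition"] = "attachment"
        headers["Content-Security-Policy"] = "default-src 'none'; sandbox"
    return headers

# Constructed samples: the first mirrors the file from step 3 of the report.
REPORTED = b'<x:script xmlns:x="http://www.w3.org/1999/xhtml">alert(document.domain)</x:script>'
BENIGN = b'<svg xmlns="http://www.w3.org/2000/svg"><circle cx="5" cy="5" r="4"/></svg>'

if __name__ == "__main__":
    print(svg_active_content(REPORTED))
    print(svg_active_content(BENIGN))
    print(response_headers("image/svg+xml"))
```

The header policy is the primary control, since it holds even when a file slips past the content check; the check is defense in depth at upload time.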