Description
For any role that has permission to execute function assets, i can upload a html file and that leads to XSS.
Proof of Concept
- Link PoC: https://docs.google.com/document/d/1pZAi6PZiBmN3yNsBmY8Z9Qd3_hv-8zPHUh69h-i1rvA/edit?usp=sharing
- Link video PoC: https://photos.app.goo.gl/XhZa1LTUN9265L667