In the file upload feature, the system did not allow uploading files with extensions like html, … But uploading a file with the xhtml extension leads to an XSS vulnerability.
https://drive.google.com/file/d/1_MTa4st4POafaUAwn17n7ygp_TrF9BXp/view?usp=sharing
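
An added example, not code from the reported application: a blocklist shaped like the one described above accepts an `.xhtml` upload, while an allowlist plus non-rendering response headers does not let it run in the browser. The extension sets, function names and file names are assumptions made for illustration.

```python
import os

# Assumption: a blocklist resembling the one in the report (html and similar).
BLOCKED_EXTENSIONS = {"html", "htm", "js", "svg"}

# Assumption: the only upload types this hypothetical application needs.
ALLOWED_EXTENSIONS = {"png", "jpg", "jpeg", "gif", "pdf", "txt"}

# Types that are safe to display inline; everything else is forced to download.
INLINE_TYPES = {"png": "image/png", "jpg": "image/jpeg",
                "jpeg": "image/jpeg", "gif": "image/gif"}


def extension(filename):
    """Final extension, lower-cased, ignoring path parts and trailing dots/spaces."""
    name = os.path.basename(filename.replace("\\", "/")).strip().rstrip(". ")
    return os.path.splitext(name)[1][1:].lower()


def blocklist_accepts(filename):
    """Weak check: rejects only the extensions someone thought to list."""
    return extension(filename) not in BLOCKED_EXTENSIONS


def allowlist_accepts(filename):
    """Hardened check: accepts only extensions the application needs."""
    return extension(filename) in ALLOWED_EXTENSIONS


def download_headers(filename):
    """Headers for serving a stored upload so the browser never renders markup."""
    headers = {"X-Content-Type-Options": "nosniff"}
    ext = extension(filename)
    if ext in INLINE_TYPES:
        headers["Content-Type"] = INLINE_TYPES[ext]
        headers["Content-Disposition"] = "inline"
    else:
        headers["Content-Type"] = "application/octet-stream"
        headers["Content-Disposition"] = "attachment"
    return headers


if __name__ == "__main__":
    # Constructed sample file names.
    for name in ["photo.PNG", "page.html", "poc.xhtml", "poc.xhtml."]:
        print(name, blocklist_accepts(name), allowlist_accepts(name),
              download_headers(name)["Content-Disposition"])
```
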