Visma Bug Bounty Program: Unrestricted file upload when creating quotes allows for Stored XSS

An attacker is able to bypass the restrictions which limit user uploads to .PDF only. Utilizing this exploit an attacker can upload malicious content to the web server. First the system checks the MIME-Type, and if it fails too match Content-Type: application/pdf then the upload won't be processe...