Topcoder: SVG file upload leads to XML injection

Summary: Upload Avatar option allows the user to upload image/ . Thus enabling the upload of many file formats including SVG files MIME type: image/svg+xml SVG files are XML based graphics files in 2D images. Thus, this opens up an attack vector to upload specially crafted malicious SVG files. Th...