X (Formerly Twitter): XSS and cache poisoning via upload.twitter.com on ton.twitter.com

Hi, I would like to report an issue where attackers can bypass the upload restriction on upload.twitter.com to cause XSS on ton.twitter.com and cache poisoning. Detail When using upload.twitter.com to upload audience data, it checks if the file type is allowed and rejects any harmful files e.g...