Stored XSS Via Filename On https://partners.line.me/

When uploading a file to “partners.line.me” with a filename containing an XSS payload, the server did not escape the filename. This caused DOM-based XSS to be embedded in HTML. Uploaded files were stored for a certain period of time only. However, as long as they were available on the server, accessing the path triggered XSS and the saved payload was displayed without escaping. Yet, it turned out that cookie theft was not possible.