Stored XSS Vulnerability on ████████
Severity: High
Program: U.S. Dept Of Defense
Reported by: ali
## Vulnerability Details
**Summary:**
A stored XSS vulnerability via uploaded SVG and HTML files.
## Step-by-step Reproduction Instructions
1. Go to https://██████████/SitePages/Register.aspx and register.
2. Go to `https://██████████/Profiles/My/#Your Username#/Blog/default.aspx` and click `Create a Post` button.
3. Click the `Body` textarea, then click the `Insert` button.
4. Click the `Upload File` button and choose a file (mygf.html or evilsvgfile.svg).
5. Click the `Ok` button and wait.
6. Click the `Preview` button and the XSS alert fires.
PoC:
1. Go to https://████████/_login/default.aspx?ReturnUrl=%2f_layouts%2f15%2fauthenticate.aspx%3fsource%3d%2fConference&source=/Conference and login with this username and password:
`username: ███████`
`password: ███████`
2. Go to https://██████/Profiles/My/alobaloss/Blog/Lists/Photos/evilsvgfile.svg
The XSS alert fires.
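Both paths above (the inline preview in step 6 and the direct navigation to the stored `.svg` in the PoC) exist because the upload handler stores whatever file it is given and later serves it from the application's own origin. The following is an added example of a defensive upload gate for a photo library; it is not code from the report or from the affected site, and it assumes a library that only needs to store images. It identifies raster images by magic bytes, rejects HTML documents and SVGs carrying active content, and serves the rest with headers that keep a stored file from executing with the site's origin. The sample inputs at the bottom are constructed.

```python
"""Upload gate for a user photo library (added example, not code from the report
or the affected site): reject uploads that carry active content and serve the
rest with headers that keep a stored file from executing in the site's origin."""
import xml.etree.ElementTree as ET

# Raster formats browsers render as passive pixels; identified by magic bytes, not by extension.
RASTER_MAGIC = {
    b"\x89PNG\r\n\x1a\n": "image/png",
    b"\xff\xd8\xff": "image/jpeg",
    b"GIF87a": "image/gif",
    b"GIF89a": "image/gif",
}


def raster_type(data: bytes):
    """Return the MIME type of a recognised raster image, or None."""
    for magic, mime in RASTER_MAGIC.items():
        if data.startswith(magic):
            return mime
    return None


def looks_like_html(data: bytes) -> bool:
    """Cheap check for an HTML document hiding behind an image upload."""
    head = data[:512].lstrip().lower()
    return (head.startswith(b"<!doctype html") or b"<html" in head
            or b"<body" in head or b"<script" in head)


def svg_has_active_content(data: bytes) -> bool:
    """True if an SVG carries script, event-handler attributes, foreignObject,
    or javascript:/data: links. Anything that fails to parse is treated as active.
    (Production code should parse with defusedxml to resist entity-expansion tricks.)"""
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return True
    for el in root.iter():
        tag = el.tag.rsplit("}", 1)[-1].lower() if isinstance(el.tag, str) else ""
        if tag in {"script", "foreignobject"}:
            return True
        for name, value in el.attrib.items():
            attr = name.rsplit("}", 1)[-1].lower()  # strip the xlink namespace
            if attr.startswith("on"):
                return True
            if attr == "href" and value.strip().lower().startswith(("javascript:", "data:")):
                return True
    return False


def classify_upload(data: bytes) -> str:
    """Decide how a file uploaded to the photo library may be stored and served:
    'image' (raster, serve inline), 'svg' (passive SVG, serve sandboxed), or 'reject'."""
    if raster_type(data):
        return "image"
    if looks_like_html(data):
        return "reject"
    head = data[:512].lstrip().lower()
    if head.startswith(b"<?xml") or head.startswith(b"<svg"):
        return "reject" if svg_has_active_content(data) else "svg"
    return "reject"  # a photo library has no reason to keep anything else


def serve_headers(decision: str, data: bytes) -> dict:
    """Response headers for a stored file. nosniff pins the declared type; the CSP
    sandbox puts a directly navigated SVG in an opaque origin with scripts blocked,
    so even a filter miss cannot run in the application's origin."""
    if decision == "image":
        return {"Content-Type": raster_type(data), "X-Content-Type-Options": "nosniff"}
    if decision == "svg":
        return {"Content-Type": "image/svg+xml", "X-Content-Type-Options": "nosniff",
                "Content-Security-Policy": "sandbox; script-src 'none'"}
    raise ValueError("rejected uploads are never stored or served")


# Constructed sample inputs (not files from the report).
PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
CLEAN_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="4"/></svg>'
HANDLER_SVG = b'<svg xmlns="http://www.w3.org/2000/svg" onload="handler()"><circle r="4"/></svg>'
HTML_DOC = b"<!DOCTYPE html><html><body>not a photo</body></html>"

if __name__ == "__main__":
    for label, blob in [("png", PNG), ("clean svg", CLEAN_SVG),
                        ("svg with handler", HANDLER_SVG), ("html", HTML_DOC)]:
        print(f"{label:18} -> {classify_upload(blob)}")
```

The gate is an allow-list: a file is stored only when it is positively identified as a raster image or a passive SVG, so a renamed `.html` or an SVG with an event handler never reaches the `Lists/Photos/` path in the first place. The CSP `sandbox` on served SVGs is defense in depth for the direct-navigation case in the PoC: a document loaded under it gets an opaque origin, so it cannot read the session or the DOM of the real site even if the content filter is wrong. Hosting user uploads on a separate origin achieves the same isolation without relying on headers per file.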
## Impact
Classic stored XSS.
## Report Details
State: Closed
Substate: Resolved
Weakness: Cross-site Scripting (XSS) - Stored