Props to Luigi (gubello.me) for discovering an XSS issue where authenticated users with upload permissions are able to add JavaScript to media files.
XSS
Luigi (gubello.me)
No
2020-06-11 (about 2 years ago)
2020-06-13 (about 2 years ago)