Jerome Bruandet, from NinTechNet, discovered a bypass in the SVG sanitizer, which could lead to an authenticated stored XSS issue from users with the upload_files capability.
BYPASS
Jerome Bruandet (NinTechNet)
No
2020-05-06 (about 2 years ago)
2020-05-06 (about 2 years ago)
2020-05-07 (about 2 years ago)