Key Information

Vulnerability Title
Portabilis i-diario 1.5.0 Cross Site Scripting

Description

Summary:
- An attacker can upload a malicious SVG file containing embedded JavaScript that is executed when the file is accessed directly. This results in Stored Cross-Site Scripting (XSS).

Full Details:
- The endpoint allows users to upload files. After uploading a crafted SVG file, XSS could be triggered when opening the file.

Payload Example

PoC Steps
Create the file with the payload and upload it via the endpoint. Then, simply open the file to trigger the XSS.

Impact
Allows attackers to execute arbitrary JavaScript code on the victim's browser, potentially leading to session hijacking, data theft, or other malicious activities.
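
An upload-time check for the issue described above, as an added example that is not part of the original advisory or of i-diario's code: it parses an uploaded SVG with Ruby's REXML and reports script-capable content so the upload can be rejected. The function name, constants and sample documents are hypothetical and constructed for illustration.

```ruby
require 'rexml/document'

# Added example; all names are hypothetical and not taken from i-diario.
ACTIVE_ELEMENTS = %w[script foreignobject].freeze # can run or embed script
URL_ATTRS = %w[href src].freeze                   # can carry a URL

# Returns the reasons to reject an uploaded SVG ([] means none were found).
def svg_active_content(bytes)
  doc = REXML::Document.new(bytes)
  return ['not an SVG document'] unless doc.root && doc.root.name.downcase == 'svg'

  findings = []
  doc.each_recursive do |el|
    name = el.name.downcase # local name, so a prefixed svg:script still matches
    findings << "element <#{name}>" if ACTIVE_ELEMENTS.include?(name)
    el.attributes.each_attribute do |attr|
      attr_name = attr.name.downcase
      # attr.value has entities decoded; drop whitespace/control padding too
      value = attr.value.gsub(/[\s\x00-\x1f]/, '').downcase
      findings << "event handler #{attr_name} on <#{name}>" if attr_name.start_with?('on')
      if URL_ATTRS.include?(attr_name) && value.start_with?('javascript:')
        findings << "javascript: URL in #{attr_name} on <#{name}>"
      end
    end
  end
  findings
rescue REXML::ParseException
  ['malformed XML'] # fail closed on anything that does not parse
end

# Constructed, inert sample documents.
NS = 'xmlns="http://www.w3.org/2000/svg"'
SAMPLES = {
  clean: "<svg #{NS}><circle r=\"4\"/></svg>",
  script: "<svg #{NS}><script>/* constructed */</script></svg>",
  handler: "<svg #{NS} onload=\"void 0\"/>",
  link: "<svg #{NS}><a href=\" JavaScript:void(0)\"><text>x</text></a></svg>"
}.freeze

SAMPLES.each { |label, svg| puts "#{label}: #{svg_active_content(svg).inspect}" }
```

A denylist like this is not exhaustive. Serving uploads with `Content-Disposition: attachment` and `X-Content-Type-Options: nosniff` keeps a file that slips through from rendering in the application's origin.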