
Critical Stored XSS Vulnerability Discovered in OopsSec Store via Malicious File Upload
cybersecurity, vulnerability, stored_xss, file_upload, svg, malicious_javascript, content_type_spoofing, admin_access, web_application, oopssec_store
A Stored XSS vulnerability has been identified in the OopsSec Store application, reachable through the product image upload functionality. The flaw allows attackers to upload SVG files containing embedded JavaScript, because the server validates only the Content-Type header, which the client controls, and never inspects the actual file content. The frontend renders the uploaded SVGs with an <object> tag, which (unlike an <img> tag) executes scripts embedded in the SVG document. Exploitation requires administrator access, and once the file is stored the payload runs for any user who views the product page. No specific date or quantified impact is mentioned.
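To show the defect concretely, the following Python is an added illustration and is not code from the original writeup or from the OopsSec Store project. It places the vulnerable pattern (trusting the client-supplied Content-Type) beside a hardened check that identifies the file by its magic bytes, rejects anything that is not a raster image, and requires the declared type to match what was sniffed; it also builds the response headers a server should send when serving stored uploads so that a script-bearing document cannot execute even if one slips through. All function names, the sample payloads and the allow-list are assumptions made for this example.

```python
"""Upload validation: trusting Content-Type vs. inspecting the bytes."""
from dataclasses import dataclass
from typing import Optional

# Constructed sample inputs (not taken from the page).
# A minimal PNG header followed by padding, and an SVG carrying a <script> element.
PNG_BYTES = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
SVG_WITH_SCRIPT = (
    b'<?xml version="1.0"?>'
    b'<svg xmlns="http://www.w3.org/2000/svg">'
    b"<script>/* constructed marker, does nothing */</script></svg>"
)

# Magic-byte prefixes for the raster formats a product image may legitimately use.
MAGIC = {
    b"\x89PNG\r\n\x1a\n": "image/png",
    b"\xff\xd8\xff": "image/jpeg",
    b"GIF87a": "image/gif",
    b"GIF89a": "image/gif",
}
ALLOWED_TYPES = {"image/png", "image/jpeg", "image/gif", "image/webp"}


@dataclass
class Decision:
    accepted: bool
    reason: str
    stored_type: Optional[str] = None


def sniff_image_type(data: bytes) -> Optional[str]:
    """Return the MIME type implied by the file's leading bytes, or None."""
    for prefix, mime in MAGIC.items():
        if data.startswith(prefix):
            return mime
    # WebP is a RIFF container whose form type is "WEBP" at offset 8.
    if data[:4] == b"RIFF" and data[8:12] == b"WEBP":
        return "image/webp"
    return None


def validate_upload_insecure(declared_type: str, data: bytes) -> Decision:
    """Vulnerable pattern: the allow-list is applied to a header the client chose,
    so an SVG uploaded with Content-Type: image/png is accepted unchanged."""
    if declared_type in ALLOWED_TYPES:
        return Decision(True, "declared Content-Type is on the allow-list", declared_type)
    return Decision(False, "declared Content-Type not allowed")


def validate_upload_hardened(declared_type: str, data: bytes) -> Decision:
    """Hardened check: decide from the bytes, then require the header to agree.
    SVG (XML text) never matches a raster signature, so it is rejected outright."""
    sniffed = sniff_image_type(data)
    if sniffed is None or sniffed not in ALLOWED_TYPES:
        return Decision(False, "content is not a recognised raster image")
    if declared_type != sniffed:
        return Decision(False, f"declared {declared_type} but content is {sniffed}")
    # Store and later serve the sniffed type, never the declared one.
    return Decision(True, "content matches declared type", sniffed)


def response_headers_for_upload(stored_type: str) -> dict:
    """Headers for serving a stored upload. nosniff stops the browser from
    re-interpreting the body; the CSP applies to the response document itself,
    so even an SVG rendered through <object> cannot run inline script."""
    return {
        "Content-Type": stored_type,
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "default-src 'none'; sandbox",
    }


if __name__ == "__main__":
    for label, check in (("insecure", validate_upload_insecure),
                         ("hardened", validate_upload_hardened)):
        d = check("image/png", SVG_WITH_SCRIPT)
        print(f"{label}: SVG sent as image/png -> accepted={d.accepted} ({d.reason})")
    print(response_headers_for_upload("image/png"))
```

The insecure path accepts the SVG because the header says image/png; the hardened path rejects it because the bytes are XML, and would also reject a real PNG whose header claims image/jpeg. Serving uploads from a separate origin with the headers above is the usual complement to the upload-time check, since it removes the page's own origin from any script that does get stored.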