Possible IE XSS attack to load svg in joomla 3

Question

Possible IE XSS attack to load svg in joomla 3

I tried to load SVG file in joomla 3 with standard media manager, so I found this solution:

add .svg extension in Configuration -> media manager -> legal extensions

add image/svg+xml mime type in Configuration -> media manager -> legal mime-type

I even turned off the mime check type and checked the file type in this area

now when i want to load svg file i got this error:

Possible IE XSS Attack found

what should I do?

+3

joomla xss svg image-uploading joomla3.0

Mohammad rezaei 30 oct. 14 at 14:28

source to share

1 answer

Artur Stępień · Answer 1 · 2016-11-21T22:49:07+0000

Simple answer: you cannot do this with the default media manager. This is the risk of an XSS attack, so svg files will be rejected by default. You can try to do it with another file explorer like FILEman or eXtplorer .

Possible IE XSS attack to load svg in joomla 3

More articles: