Does this qualify as Filename Upload DOM-XSS?

Çağlar Arlı

An application has the following JavaScript code, which is triggered whenever a user tries to upload a file.

a.html(fileName)

Then, if the user uploads a file named <img src=x onerror=alert()>, the JavaScript code is executed.

Does this qualify as a Low-severity DOM-XSS? I mean, usually I see DOM-XSS which exploit the URL, giving more strength to the attack. In this case I should trick a user into uploading a file with a specific name, so it's like a self-XSS. Also, I couldn't find a CVE for this kind of DOM-XSS.
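
The sink described in the question next to hardened alternatives, as an added example that is not part of the original post or the application's code. `a` and `fileName` are the question's names; `escapeHtml`, `setFileLabel` and `fileListItem` are hypothetical helpers.

```javascript
// Added example, not code from the application in the question.
// `a` and `fileName` are the question's names; function names are hypothetical.

// Sink from the question: jQuery .html() parses its argument as markup, so a
// file named "<img src=x onerror=alert()>" becomes an element whose handler runs.
//   a.html(fileName);
//
// Fix at the sink: insert the name as a text node instead of markup.
//   a.text(fileName);              // jQuery
//   a[0].textContent = fileName;   // plain DOM

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// For code paths where the name has to be placed inside an HTML string
// (element content or a quoted attribute value).
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Sets the label through textContent; accepts any DOM element.
function setFileLabel(element, fileName) {
  element.textContent = String(fileName);
  return element;
}

// Builds an upload-list entry with the name escaped in both contexts.
function fileListItem(fileName) {
  const safe = escapeHtml(fileName);
  return `<li title="${safe}">${safe}</li>`;
}

// Constructed sample input: the file name given in the question.
const sample = '<img src=x onerror=alert()>';
console.log(fileListItem(sample));
```
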