SOP (Same Origin Policy) and CDN SVG XSS

Çağlar Arlı

If an SVG file with an XSS payload is hosted on, say, cdn.example.com and is loaded as a display picture on, say, mainprod.com, can the XSS payload within the SVG file access and steal cookies from mainprod.com despite the Same-Origin Policy (SOP) being in place, or would SOP prevent it?