Product
An authenticated file upload validation bypass in Postiz prior to version 2.21.6 allows attackers to upload arbitrary HTML, SVG, or other executable file types by spoofing the `Content-Type` header, resulting in stored XSS and potential account takeover.