EPSS
Percentile
23.8%
For any role that has permission to execute function assets, i can add a new asset. Even though the site only allows uploading images and gifs, I can still upload an html file by modifying the magic number and that leads to XSS.