Potentional XSS and reflected download issues with people search photos #688
Description
When users have the ability to upload photos, there is a potential for malicious users to upload scripting or or other non-photo types and have them reflected where photos are viewed.
This issue allows downloads of files that do not match an appropriate mime image type by having the application guess a mimetype via sniffing.
Thanks to Yassine Bengana & Maxime Escourbiac from Michelin CERT Team for discovery and responsible disclosure of this issue.