Arcane, Unauthenticated SVG Reflected XSS (Critical) (CVE-N/A)

Listen to this Post

The vulnerability exists in the unauthenticated GET `/api/app-images/logo` endpoint. The handler accepts a `color` query parameter without validation. The `GetLogoInput.Color` struct field has no validation tags, allowing arbitrary user input. The backend service passes this value through applyAccentColorToSVG, which performs naive `strings.ReplaceAll` on the embedded logo.svg. The SVG contains a `