Stored XSS via filename parameter in '/api/storage/upload/PostImage'

[tuando243]

Describe the bug
Stored XSS exists in Blogifier 3.0 via filename parameter in '/api/storage/upload/PostImage'.

Steps to reproduce

1. Login as admin.
2. Click on 'New post'.
3. Click on 'Insert Image' and insert the following payload <img src=1 onerror=alert(1)> in filename field.
4. Click on Save, Publish and View the post.

[rxtur]

Fixed with commit 97fcdac