Due to unrestricted file upload vulnerability, we can upload a malicious file such as a polyglot without detection from the web server. Many sites allow images to be uploaded, so developers must ensure such images do not carry XSS payloads within them. Protection in this area can be in the form of magic number checks or special proxy servers screening all uploads.