The concept of typically refers to a specialized image file designed to exploit Cross-Site Scripting (XSS) vulnerabilities through file uploads or image processing. While a standard PNG is static data, attackers can turn it into a "malicious" file by embedding executable scripts in areas the application might mistakenly trust. Common Attack Vectors
Attackers use several methods to hide payloads within a file named xss.png : xss.png