XSS via file upload

Jay Sharma
Dec 27, 2021

I found XSS via file upload. Here I uploaded an SVG file, which was stored in Google Cloud and reflected with XSS.

1) Login at app.xyz.com
2) Go to Online Store >> Settings >> Email Notification >> Email design
3) Click Edit
4) Upload the file with the SVG payload
5) Save the file and open the image in a new tab

But it was marked as a duplicate.

The next day I observed that the bug had been patched and we couldn't do XSS anymore.

But then I saw that the URL had changed:

https://images.xyz.com/s/cdn/v1.0/i/m?url=https%3A%2F%2Fstorage.googleapis.com%2Fproduction-xyz-v1-3%2F823%2F1134823%2FUc1iyTw%2Fe843c14e4a5f46c6898aeb3133ea1a30&methods=convert%2Cpng

After URL decoding:

https://images.xyz.com/s/cdn/v1.0/i/m?url=https://storage.googleapis.com/production-xyz-v1-3/823/1134823/Uc1iyTw/e843c14e4a5f42c6898aeb3133ea1a30&methods=convert,png

What if I remove the convert part from the URL?

Oh, we get the pop-up again.

After reporting, it got triaged.
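The lesson in the bypass is that sanitisation which the client can switch off with a query parameter (`methods=convert,png`) is not sanitisation. The snippet below is an added example, not the vendor's code or the author's: it contrasts a proxy that applies conversion only when the client asks for it with one that decides from the stored bytes, so that removing `methods` cannot make an SVG render inline. Sample bytes and URLs are constructed; the hostnames and parameter names follow the write-up.

```python
from urllib.parse import urlparse, parse_qs

# Constructed sample inputs (not the write-up's real files): a minimal SVG that
# carries a script element, a PNG header, and two proxy URLs shaped like the one in
# the post, with and without the "methods=convert,png" step.
SVG_SAMPLE = b'<?xml version="1.0"?>\n<svg xmlns="http://www.w3.org/2000/svg"><script>/* marker */</script></svg>'
PNG_SAMPLE = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
BASE = "https://images.xyz.com/s/cdn/v1.0/i/m?url=https%3A%2F%2Fstorage.googleapis.com%2Fbucket%2Fobj"
URL_WITH_CONVERT = BASE + "&methods=convert%2Cpng"
URL_NO_CONVERT = BASE

# Signatures of raster formats that browsers display without executing anything.
RASTER_MAGIC = {b"\x89PNG\r\n\x1a\n": "image/png", b"\xff\xd8\xff": "image/jpeg",
                b"GIF87a": "image/gif", b"GIF89a": "image/gif"}

def classify(body: bytes) -> str:
    """Classify an upstream object by its bytes: 'raster:<mime>', 'svg' or 'unknown'."""
    for magic, mime in RASTER_MAGIC.items():
        if body.startswith(magic):
            return f"raster:{mime}"
    head = body[:2048].removeprefix(b"\xef\xbb\xbf").lower()
    return "svg" if b"<svg" in head else "unknown"   # SVG is XML and may carry <script>

def requested_methods(proxy_url: str) -> list[str]:
    """Client-controlled 'methods' list, e.g. ['convert', 'png']; empty when absent."""
    raw = parse_qs(urlparse(proxy_url).query).get("methods", [""])[0]
    return [m for m in raw.split(",") if m]

def vulnerable_headers(body: bytes, proxy_url: str) -> dict:
    """Models the behaviour in the write-up: conversion happens only when the
    client asks for it, so dropping 'methods' serves the stored SVG inline."""
    if "convert" in requested_methods(proxy_url):
        return {"Content-Type": "image/png"}           # rasterised copy, script gone
    return {"Content-Type": "image/svg+xml"}           # raw upload, renders and runs

def hardened_headers(body: bytes, proxy_url: str) -> dict:
    """Decide from the bytes; the query string cannot opt out of sanitisation."""
    kind = classify(body)
    if kind.startswith("raster:"):
        return {"Content-Type": kind.split(":", 1)[1], "X-Content-Type-Options": "nosniff"}
    # SVG or anything unrecognised: never render it inline on the image origin.
    return {"Content-Type": "application/octet-stream",
            "Content-Disposition": "attachment",
            "X-Content-Type-Options": "nosniff",
            "Content-Security-Policy": "default-src 'none'; sandbox"}
```

With `URL_NO_CONVERT`, `vulnerable_headers` hands the SVG to the browser as `image/svg+xml` (the pop-up), while `hardened_headers` returns the same object as an opaque download whatever the query string says.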
