This is one of the interesting XSS challenge . In this challenge the motive was to learn that the filename field can also not sanitized which could lead to XSS attacks.

For this you can create a file in a UNIX environment with an XSS vector in it’s name like <script>alert(document.cookie)</script>.jpg

Or also can intercept the request and change the file name field and conclude that following field is vulnerable.