Potential vulnerability in JSON response returning base 64 encoded image data, with the response being vulnerable to MIME sniffing


A JSON response in the API of a webapp is returning the base64 of a user-uploaded image, and there’s no X-Content-Type-Options Header to prevent MIME sniffing.

Could this be a potential vulnerability such as an XSS for the webapp by using steganography to edit the image with a payload, uploading it, and then MIME sniffing the JSON response? (or by any other means?)