Craft CMS prior to 2.6.2982 allows for a potential XSS attack vector by uploading a malicious SVG file.
craftcms craft cms