The femanager extension prior to 5.5.1 and 6.x prior to 6.3.1 for TYPO3 allows XSS via a crafted SVG document.
in2code femanager