CVE-2018-19600

Rhymix CMS 1.9.8.1 allows XSS via an index.php?module=admin&act=dispModuleAdminFileBox SVG upload.

References

https://github.com/security-breachlock/CVE-2018-19600/blob/master/XSS.pdf

https://github.com/rhymix/rhymix/issues/1088