Shimmie 2 2.6.0 allows an attacker to upload a crafted SVG file that enables stored XSS.Referenceshttps://github.com/shish/shimmie2/issues/631
