CVE-2018-16625 (typesetter)

index.php/Admin/Uploaded in Typesetter 5.1 allows XSS via an SVG file with JavaScript in a SCRIPT element.
Source: NIST
CVE-2018-16625 (typesetter)