CVE-2019-16126

Grav through 1.6.15 allows (Stored) Cross-Site Scripting due to JavaScript execution in SVG images.
Source: NIST
CVE-2019-16126