DNN vulnerable to stored cross-site-scripting (XSS) via SVG upload