[MEDIUM] TypiCMS Core has Stored Cross-Site Scripting (XSS) via SVG File Upload

PKSA-4g4t-fqh1-f8mt CVE-2026-27621 GHSA-xfvg-8v67-j7wp

Affected package: typicms/core

Affected version: <16.1.7

Reported by:
GitHub