CVE-2018-7265by Jeremyin Security Bulletinson Posted on February 21, 2018 Shimmie 2 2.6.0 allows an attacker to upload a crafted SVG file that enables stored XSS.