kiwitcms is vulnerable to stored Cross-site Scripting (XSS). The vulnerability exists because the library does not define the Content-Security-Policy
header to block inline JavaScript, which allows an attacker to inject and execute malicious javascript through the malicious SVG file upload.