Humblelad

**Name of the Vulnerable Software and Affected Versions** Submitty versions through 20.04.01 **Description** The issue allows for XSS via the upload of an SVG document. This can be exploited by an attack, for example, by a Student against a Teaching Fellow. **Recommendations** For versions through 20.04.01, consider restricting the upload of SVG documents to prevent XSS attacks until a patch is available.