Parse Server vulnerable to stored cross-site scripting (XSS) via SVG file upload