It looks like most or all sites running the pomf software can be used as an XSS attack vector via the .svg file format. I think the only way to fix it is to strip all unnecessary HTML within the file,...
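One way to implement the stripping described in the report, as an added example that is not pomf's code or the reporter's: an allowlist sanitizer for uploaded SVG that re-serializes only static drawing markup. The language (Python), the name `sanitize_svg`, and both allowlists are assumptions made for this example.

```python
import re
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
SVG_PREFIX = "{" + SVG_NS + "}"
# Assumed allowlists for this example: static drawing markup only. Anything not
# listed (script, foreignObject, a, use, on* handlers, href, style) is dropped.
ALLOWED_TAGS = {"svg", "g", "defs", "title", "desc", "path", "rect", "circle",
                "ellipse", "line", "polyline", "polygon", "text", "tspan",
                "linearGradient", "radialGradient", "stop"}
ALLOWED_ATTRS = {"id", "version", "viewBox", "width", "height", "x", "y", "x1",
                 "y1", "x2", "y2", "cx", "cy", "r", "rx", "ry", "d", "points",
                 "transform", "fill", "stroke", "stroke-width", "opacity",
                 "offset", "stop-color", "font-size", "text-anchor"}
# url(...) is only acceptable when it points at a fragment inside the same file.
NON_LOCAL_URL = re.compile(r"url\(\s*['\"]?(?!#)", re.I)


def _clean(elem):
    """Drop disallowed attributes on elem, then disallowed child subtrees."""
    for name, value in list(elem.attrib.items()):
        # Namespaced attributes (e.g. xlink:href) arrive as "{uri}name" and
        # therefore never match the allowlist.
        if name not in ALLOWED_ATTRS or NON_LOCAL_URL.search(value):
            del elem.attrib[name]
    for child in list(elem):
        tag = child.tag
        if tag.startswith(SVG_PREFIX) and tag[len(SVG_PREFIX):] in ALLOWED_TAGS:
            _clean(child)
        else:
            elem.remove(child)  # removes the whole subtree, text included


def sanitize_svg(data: bytes) -> bytes:
    """Return a re-serialized SVG containing only allowlisted markup."""
    text = data.decode("utf-8")  # non-UTF-8 uploads raise (a ValueError subclass)
    # Static artwork needs no DTD; refusing it avoids entity-based tricks.
    if re.search(r"<!\s*(DOCTYPE|ENTITY)", text, re.I):
        raise ValueError("DOCTYPE/ENTITY declarations are not accepted")
    root = ET.fromstring(text)
    if root.tag != SVG_PREFIX + "svg":
        raise ValueError("root element is not <svg> in the SVG namespace")
    _clean(root)
    ET.register_namespace("", SVG_NS)  # serialize with a default xmlns
    return ET.tostring(root, encoding="utf-8")
```

The upload handler would store the returned bytes in place of the original file; input that fails to parse or is rejected raises and should be refused.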