diff --git a/CHANGELOG.md b/CHANGELOG.md
index 214e846ded..49262893c1 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,7 @@ See [Upgrading] for details on how to upgrade.
 - Fix `sort_by` not being filtered in search form, #1252
+- Fix bug allowing to execute arbitrary JavaScript in SVG files, #1252
 [3.10.8]: https://github.com/eventum/eventum/compare/v3.10.7...master
diff --git a/lib/eventum/class.misc.php b/lib/eventum/class.misc.php
index f776a0d092..74619b3874 100644
--- a/lib/eventum/class.misc.php
+++ b/lib/eventum/class.misc.php
@@ -636,6 +636,7 @@ public static function outputDownload($data, $filename, $filesize, $filetype, $f
         header('Content-Type: ' . $filetype);
         header("Content-Disposition: {$disposition}; filename=\"{$filename}\"; filename*=UTF-8''{$filename}");
         header("Content-Length: {$filesize}");
+        header("Content-Security-Policy: script-src 'none'");
         echo $data;
         exit;
     }
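Review bot: The added `Content-Security-Policy: script-src 'none'` line in outputDownload only neutralises script execution in browsers that enforce CSP and only for the script-src fetch directive, so an SVG (or any other file) served with an inline `$disposition` is still rendered as a same-origin document that can load external resources and is still subject to MIME sniffing when `$filetype` is generic. A more robust policy for a download endpoint is to also isolate the document and forbid sniffing, e.g. `header("Content-Security-Policy: sandbox; script-src 'none'");` together with `header('X-Content-Type-Options: nosniff');`, since the sandbox directive gives the rendered file an opaque origin even if some content slips past script-src. It may also be worth a short comment above the header explaining that it exists to stop scripts embedded in user-uploaded SVG from running in the application's origin (#1252), so it is not removed as redundant later. The body of outputDownload starts before this hunk, so whether `$disposition` is ever forced to `attachment` for SVG cannot be confirmed from here.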