Description
Simditor through 2.3.21 allows DOM XSS via an onload attribute within a malformed SVG element.
Remediation
References
https://github.com/mycolorway/simditor/releases/tag/v2.3.22
https://github.com/mycolorway/simditor/commit/ef01a643cbb7f8163535d6bfb71135f80ec6a6fd
https://github.com/hkglue/simditor_dom_xss/blob/master/README.md
https://github.com/hkglue/simditor_demo.git
Related Vulnerabilities
CVE-2015-9286 Vulnerability in npm package nodebb
CVE-2023-37942 Vulnerability in maven package org.jenkins-ci.plugins:external-monitor-job
CVE-2022-45135 Vulnerability in maven package org.apache.cocoon:cocoon-databases-impl
CVE-2022-24615 Vulnerability in maven package net.lingala.zip4j:zip4j
CVE-2021-28100 Vulnerability in maven package com.netflix.priam:priam