Description
Simditor v2.3.11 allows XSS via crafted use of svg/onload=alert in a TEXTAREA element, as demonstrated by Firefox 54.0.1.
Remediation
References
https://github.com/Heartway/simditor/blob/master/simditor.docx
Related Vulnerabilities
CVE-2018-1000616 Vulnerability in maven package org.onosproject:onos-cli
CVE-2023-40339 Vulnerability in maven package org.jenkins-ci.plugins:config-file-provider
CVE-2023-34616 Vulnerability in maven package com.progsbase.libraries:json
CVE-2022-45146 Vulnerability in maven package org.bouncycastle:bc-fips-debug
CVE-2022-33980 Vulnerability in maven package org.apache.commons:commons-configuration2