Description
Simditor v2.3.11 allows XSS via crafted use of svg/onload=alert in a TEXTAREA element, as demonstrated by Firefox 54.0.1.
Remediation
References
https://github.com/Heartway/simditor/blob/master/simditor.docx