Description

Simditor v2.3.11 allows XSS via crafted use of svg/onload=alert in a TEXTAREA element, as demonstrated by Firefox 54.0.1.

Remediation

References

https://github.com/Heartway/simditor/blob/master/simditor.docx

Related Vulnerabilities

CVE-2018-1000616 Vulnerability in maven package org.onosproject:onos-cli

CVE-2023-40339 Vulnerability in maven package org.jenkins-ci.plugins:config-file-provider

CVE-2023-34616 Vulnerability in maven package com.progsbase.libraries:json

CVE-2022-45146 Vulnerability in maven package org.bouncycastle:bc-fips-debug

CVE-2022-33980 Vulnerability in maven package org.apache.commons:commons-configuration2

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Exploit Third Party Advisory