Description
Simditor v2.3.11 allows XSS via crafted use of svg/onload=alert in a TEXTAREA element, as demonstrated by Firefox 54.0.1.
Remediation
References
https://github.com/Heartway/simditor/blob/master/simditor.docx