Description
dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute of an SVG element.
Remediation
References
https://github.com/imsebao/404team/blob/master/dijit_editor_xss.md
Related Vulnerabilities
CVE-2020-28438 Vulnerability in npm package deferred-exec
CVE-2019-10744 Vulnerability in npm package @sailshq/lodash
CVE-2022-23510 Vulnerability in npm package @cubejs-backend/api-gateway
CVE-2022-31108 Vulnerability in maven package org.webjars.npm:mermaid
CVE-2022-41254 Vulnerability in maven package org.jenkins-ci.plugins:cons3rt