Description
dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute of an SVG element.
Remediation
References
https://github.com/imsebao/404team/blob/master/dijit_editor_xss.md