Description
dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute of an SVG element.
Remediation
References
https://github.com/imsebao/404team/blob/master/dijit_editor_xss.md