Description
dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute of an SVG element.
Remediation
References
https://github.com/imsebao/404team/blob/master/dijit_editor_xss.md
Related Vulnerabilities
CVE-2021-21321 Vulnerability in npm package fastify-reply-from
CVE-2020-7693 Vulnerability in npm package sockjs
CVE-2021-23327 Vulnerability in npm package apexcharts
CVE-2020-10687 Vulnerability in maven package io.undertow:undertow-core
CVE-2022-39299 Vulnerability in npm package @node-saml/passport-saml